Open Source Security

Listen, download, subscribe

Apple Podcasts

Spotify

CVE update with Patrick Garrity

In this episode I chat with Patrick Garrity from VulnCheck. We discuss the chaos that has enveloped the CVE and NVD programs over the past two years. We cover some of the transparency and communication challenges with the existing program. What some of the new things that have started to emerge as well as why they seem to be struggling. We end on the note that the last 3 months haven't been confidence inspiring. It's likely in 6 months everyone will be scrambling to deal with a difficult situation. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-08-cve-patrick-garrity/

• 

  How to actually test a disaster plan with David Bernstein

• 

  Open Source Pledge with Vlad-Stefan Harbuz

• 

  Building a plan for disaster with David Bernstein

• 

  Open Source Malware with Paul McCarty

• 

  Package management challenges with Andrew Nesbitt

• 

  Open Source Security at scale with Michael Winser

• 

  2026 State of the Software Supply Chain with Brian Fox

• 

  MCP and Agent security with Luke Hinds

• 

  The State of OpenSSL for pyca/cryptography with Alex Gaynor and Paul Kehrer

• 

  Rust coreutils with Sylvestre Ledru

• 

  Goose and the Agentic AI Foundation with Brad Axen

• 

  The Global Vulnerability Intelligence Platform with Olle E. Johansson

• 

  Digital Sovereignty and Nextcloud with Frank Karlitschek

• 

  The Art of Crisis Management with David Bernstein

• 

  WTF is a passkey with William Brown

• 

  All about Suricata with Victor Julien