Open Source Security

Listen, download, subscribe

Apple Podcasts

Spotify

Package management challenges with Andrew Nesbitt

Josh welcomes back Andrew Nesbitt to discuss some recent blog posts he wrote about the challenges of new ecosystems as well as challenges of no ecosystems like C. There aren't very many people who look at multiple ecosystems in the way Andrew does. He has thoughts on why it's so hard to create a new ecosystem as well as some of the reasons we don't see a C language ecosystem. Andrew has a ton of interesting ideas and insight for us about both existing, new, and nonexistent ecosystems. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2026/2026-04-ecosystems-andrew/

• 

  How to actually test a disaster plan with David Bernstein

• 

  Open Source Pledge with Vlad-Stefan Harbuz

• 

  Building a plan for disaster with David Bernstein

• 

  Open Source Malware with Paul McCarty

• 

  Open Source Security at scale with Michael Winser

• 

  2026 State of the Software Supply Chain with Brian Fox

• 

  MCP and Agent security with Luke Hinds

• 

  The State of OpenSSL for pyca/cryptography with Alex Gaynor and Paul Kehrer

• 

  Rust coreutils with Sylvestre Ledru

• 

  Goose and the Agentic AI Foundation with Brad Axen

• 

  The Global Vulnerability Intelligence Platform with Olle E. Johansson

• 

  Digital Sovereignty and Nextcloud with Frank Karlitschek

• 

  The Art of Crisis Management with David Bernstein

• 

  WTF is a passkey with William Brown

• 

  All about Suricata with Victor Julien