This episode of #OpenSourceSecurity I chat with Alex Zenla from Edera about the #TARmageddon vulnerability they found

I've coordinated a lot of vulnerabilities in my day, but never have I had to even think about something as difficult as this one. Alex fills us in on how it was found, what the coordination looked like, and some things to think about as we manage these incredibly complex supply chains

https://opensourcesecurity.io/2025/2025-12-tarmageddon-alex/

This episode of #OpenSourceSecurity I chat with Alex Zenla from Edera about the #TARmageddon vulnerability they found

I've coordinated a lot of vulnerabilities in my day, but never have I had to even think about something as difficult as this one. Alex fills us in on how it was found, what the coordination looked like, and some things to think about as we manage these incredibly complex supply chains

https://opensourcesecurity.io/2025/2025-12-tarmageddon-alex/

On this episode of #OpenSourceSecurity I chat with @hughsie about the Linux Vendor Firmware Service (LVFS)

While it's amazing we can update firmware from Linux now, it was a ton of work to get us here

If you have gear that doesn't work with LVFS, make sure you ask the vendor why not (and support the hardware folks who do support LVFS)

https://opensourcesecurity.io/2025/2025-11-lvfs-richard-hughes/

On this episode of #OpenSourceSecurity I chat with @hughsie about the Linux Vendor Firmware Service (LVFS)

While it's amazing we can update firmware from Linux now, it was a ton of work to get us here

If you have gear that doesn't work with LVFS, make sure you ask the vendor why not (and support the hardware folks who do support LVFS)

https://opensourcesecurity.io/2025/2025-11-lvfs-richard-hughes/

This week on #OpenSourceSecurity I talk to @ottok about his blog post about detecting an attack like xz in Debian

It's a fascinating conversation about a very complicated topic

There are things that could be detected, but this one would have been very very difficult

https://opensourcesecurity.io/2025/2025-11-xz-debian-otto/

This week on #OpenSourceSecurity I talk to @ottok about his blog post about detecting an attack like xz in Debian

It's a fascinating conversation about a very complicated topic

There are things that could be detected, but this one would have been very very difficult

https://opensourcesecurity.io/2025/2025-11-xz-debian-otto/

How do you secure thousands of open-source projects?

At the June 2025 FreeBSD Developer Summit, Michael Winser shared three years of lessons from the Alpha-Omega project—covering supply chain risk, rapid audits, and sustainable funding.

📺 Watch here: Lessons From Funding Open Source Security Over the Past 3 Years, What’s Ahead
https://youtu.be/6DoT-eFH6tY?si=M_zlAfXFrCrvj36_

#BSDCan2025#OpenSourceSecurity#AlphaOmega#FreeBSD

How do you secure thousands of open-source projects?

At the June 2025 FreeBSD Developer Summit, Michael Winser shared three years of lessons from the Alpha-Omega project—covering supply chain risk, rapid audits, and sustainable funding.

📺 Watch here: Lessons From Funding Open Source Security Over the Past 3 Years, What’s Ahead
https://youtu.be/6DoT-eFH6tY?si=M_zlAfXFrCrvj36_

#BSDCan2025#OpenSourceSecurity#AlphaOmega#FreeBSD