We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! https://www.youtube.com/watch?v=O5ewVqmClYo

I had a chat on #OpenSourceSecurity with Luke Hinds about his project nono as well as MCP security

nono is a sandbox for containing all these tools, which is an incredibly difficult problem to solve. The things we see skills and MCP doing are moving forward faster than anyone can keep up

Luke has great insight into what's going on and what's wrong with what's going on

https://opensourcesecurity.io/2026/2026-03-mcp-agent-luke/

MCP and Agent security with Luke Hinds

Josh talks to Luke Hinds, CEO of Always Further, about MCP and agent security. We start out talking about Luke’s new tool, nono which is a sandboxing tool that has AI agents in mind as a use case. We explain what MCP and agents are doing as well as why it’s so hard to secure them. It’s not impossible, but it’s not simple either. We end the show by discussing some of the more human aspects to security and how history may be repeating itself with security folks laughing at new users who don’t know any better.

Open Source Security
We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! https://www.youtube.com/watch?v=0GtI0pEWpzI

This week on #OpenSourceSecurity I had a chat with Paul Kehrer and Alex Gaynor about the statement they published discussing the challenges posed by modern OpenSSL for the python cryptography module

It was a super fun discussion, I learned a ton, and it highlights the open source question about what happens when one of your dependencies isn't a great fit anymore

https://opensourcesecurity.io/2026/2026-03-cryptography-alex-paul/

The State of OpenSSL for pyca/cryptography with Alex Gaynor and Paul Kehrer

Josh talks to Paul Kehrer and Alex Gaynor, from the Python Cryptographic Authority. Alex and Paul recently published a statement discussing the challenges posed by modern OpenSSL. We discuss the statement and their relationship with OpenSSL. We chat about some of the current features in cryptography, as well as some of what’s coming in the future. It’s a fun conversation that hits on a lot of great points.

Episode Links
• Alex
• Paul
• pyca/cryptography
• The State of OpenSSL for pyca/cryptography
• x509-limbo
• Community Cryptography Specification Project

This episode is also available as a podcast, search for “Open Source Security” on your favorite podcast player.


I had a chat on #OpenSourceSecurity with @sylvestre about his Rust coreutils work

Replacing coreutils with Rust is one of those things that I love as a way to improve security but also keep a project fresh in the modern age

I learned a ton from this discussion

https://opensourcesecurity.io/2026/2026-03-rust-coreutils-sylvestre-ledru/

Rust coreutils with Sylvestre Ledru

Josh talks to Sylvestre Ledru about the Rust coreutils project. We’ve been using GNU coreutils for decades now, and the goal of Rust coreutils is to rewrite these utilities in Rust. The primary reason isn’t security, it’s to modernize the code and attract new contributors. Sylvestre discusses the quite pleasant relationship with the GNU coreutils developers, some of the challenges in the project, and what Ubuntu using this by default meant, and also gives us some things to watch for in the future. It’s a super fun discussion about why Rust is not only awesome, but also the future.


Supply chain security meets reproducible builds.
ExpressVPN is sponsoring PlanetNix 2026, highlighting the intersection of privacy, open-source infrastructure, and build reproducibility.
Event focus areas:
• Deterministic builds
• Secure deployment pipelines
• DevSecOps integration
• Team-level onboarding models
• Production-grade Nix environments

Reproducibility is increasingly tied to:
– Software supply chain integrity
– Auditability
– Compliance frameworks
– Infrastructure security baselines
As build determinism becomes more relevant to threat modeling, open-source tooling like Nix may play a critical role.

Source: https://planetnix.com/

Are reproducible systems now essential for modern security architecture?

Engage in the comments.
Follow TechNadu for high-signal infosec reporting.
Repost to amplify open-source security discussions.

#Infosec #DevSecOps #SupplyChainSecurity #ReproducibleBuilds #NixOS #OpenSourceSecurity #ExpressVPN #CloudSecurity #InfrastructureSecurity #ThreatModeling

We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! https://www.youtube.com/watch?v=FazSzP_Kty4