OK open source security nerds, I need your help

I have a podcast YouTube show thing called Open Source Security

https://opensourcesecurity.io/

I'm always looking for guests. Back when I changed formats in January I had a pretty large list of people sent to me as suggestions. I've made it through the list (it took me 10 months).

If you know someone (or are someone) doing open source security work I would love a suggestion. DMs are open and there are other contact things on the website.

I especially like guests who are unsung heroes

Open Source Security

@joshbressers yes you should interview @yossarian

@Tanuki @joshbressers he did! https://opensourcesecurity.io/2025/2025-05-securing-github-actions-william-woodruff/

(I’d be happy to be back on it whenever though, but 5 months seems short lol)

Securing GitHub Actions with William Woodruff

William Woodruff discussed his project, Zizmor, a security linter designed to help developers identify and fix vulnerabilities within their GitHub Actions workflows. This tool addresses inherent security risks in GitHub Actions, such as injection vulnerabilities, permission issues, and mutable tags, by providing static analysis and remediation guidance. Fresh off the heels of the tj-actions/changed-files backdoor, this is a great topic with some things everyone can do right away.

Episode Links: William, Zizmor

This episode is also available as a podcast, search for “Open Source Security” on your favorite podcast player.

@yossarian @Tanuki

You should totally come back sometime soon. Your work in many different areas is propping up a lot of our open source infrastructure.