From Fear to Confidence: Navigating Open Source Security

In this episode, we welcomed back Christopher Robinson, aka CRob, to discuss his extensive work in the Open Source Security Foundation (OpenSSF). We chatted about the importance of open source software security, detailing the various initiatives aimed at improving security standards. CRob shares insights into the working groups and projects within OpenSSF, focusing on their efforts to educate developers and security researchers. We also touched on the upcoming SOSS Fusion event, and its role in fostering community engagement and collaboration in open source security. We encourage listeners to join these endeavors and contribute to solving significant security challenges.    00:00 Welcome Back, CRob!00:52 Diving into Open Source Security01:20 Understanding the OpenSSF04:18 Key Personas in Open Source Security09:44 Educational Resources for Developers12:17 Getting Involved with OpenSSF Projects15:27 Upcoming Event: SOSS Fusion17:47 The Value of Open Source Events21:48 Final Thoughts and Future Plans Resources: OpenSSF SOSS Fusion Guest: Christopher Robinson (aka CRob) is the Director of Security Communications at Intel Product Assurance and Security. CRob is a 41st level Dungeon Master and a 24th level Securityologist.  He has worked at several Fortune 500 companies with experience in the Financial, Medical, Legal, and Manufacturing verticals, and spent 6 years helping lead the Red Hat Product Security team as their Program Architect. CRob has been a featured speaker at Gartner’s Identity and Access Management Summit, RSA, BlackHat, DefCon, Derbycon, the (ISC)2 World Congress, and was named a "Top Presenter" for the 2017 and 2018 Red Hat Summits. CRob was the President of the Cleveland (ISC)2 Chapter, and is also a children's Cybersecurity Educator with the (ISC)2 Safe-and-Secure program. He holds a Certified Information Systems Security Professional (CISSP) certification, Certified Secure Software Lifecycle Professional (CSSLP) certification, and The Open Group Architecture Framework (TOGAF) certification. He is heavily involved in the Forum for Incident Response and Security Teams (FIRST) PSIRT SIG, collaborating in writing the FIRST PSIRT Services Framework, as well as the PSIRT Maturity Assessment framework. CRob is also the lead/facilitator of the Open Source Security Foundation (OpenSSF) Vulnerability Disclosures and OSS Developer Best Practices working groups as well as a Technical Advisory Committee (TAC) member.  He enjoys hats, herding cats, and moonlit walks on the beach.