Open Source Security Podcast

By: Josh Bressers & Kurt Seifried
  • Summary

  • A security podcast geared towards those looking to better understand security topics of the day. Hosted by Kurt Seifried and Josh Bressers covering a wide range of topics including IoT, application security, operational security, cloud, devops, and security news of the day. There is a special open source twist to the discussion often giving a unique perspective on any given topic.
    This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/ or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042, USA.
Episodes
  • Episode 454 - The state of open source with Brian Fox from Sonatype and Donald Fischer from Tidelift
    Nov 11 2024

    Josh and Kurt talk to Brian Fox from Sonatype and Donald Fischer from Tidelift about their recent reports as well as open source. There are really interesting connections between the two reports. The overall theme seems to be open source is huge, everywhere, and needs help. But all is not lost! There are some great ideas on what the future needs to look like.

    Show Notes
    • Donald Fischer
    • Brian Fox
    • Tidelift
    • Sonatype
    • The 2024 Tidelift state of the open source maintainer report
    • Sonatype State of the Software Supply Chain
    • Anchore 2024 Software Supply Chain Security Report
    • OpenSSF TAC issue 101
    43 mins
  • Episode 453 - Software Liability
    Nov 4 2024

    Josh and Kurt talk about three government activities happening around security. CISA has a request for comment, and an international strategic plan around cybersecurity. These are both good ideas, and hopefully will help drive change. But we also discuss an EU proposal that brings liability rules to software, which sounds like a great way to force change to happen.

    Show Notes
    • Request for Comment on Product Security Bad Practices Guidance
    • FY2025-2026 CISA International Strategic Plan
    • EU brings product liability rules in line with digital age and circular economy
    • CSA Cloud Controls Matrix
    36 mins
  • Episode 452 - All about Meshtastic
    Oct 28 2024

    Josh and Kurt talk about the Meshtastic open source project. It's a really slick mesh radio system that runs on very cheap radio equipment. This episode isn't very security related (there are a few things), but it is very open source.

    Show Notes
    • Meshtastic
    • Heltec LoRa 32(V3) Radio
    • 465 Rutgers University Confirmed: Meshtastic and LoRa are dangerous
    • Meshtastic Routing Issues & Deployment Scenarios
    • TC2-BBS-mesh
    • The Comms Channel
    • Josh's BBS
    • Heltec T114 bug
    39 mins
