
What's in the SOSS? An OpenSSF Podcast
Building Trust in Open Source: Seth Larson's Journey from Maintainer to Security Leader
Oct 21, 2025
In this engaging discussion, Seth Larson, a Security Developer in Residence at the Python Software Foundation and an esteemed open source maintainer, shares his journey from managing urllib3 to becoming a security leader. He emphasizes the crucial role of public documentation in shaping security practices. Seth explores how to support maintainers technically and emotionally while fostering trust in the community. He discusses the importance of collaborating with academic circles and shares his approach to making security more accessible. Plus, he reveals his fondness for retro Nintendo games!
Share Security Work Publicly
- Publish your security work and rationale publicly to share knowledge and invite collaboration.
- Use documentation to help other foundations adopt proven practices and avoid reinventing solutions.
Ask For Help On Security Reports
- Ask for help when you're a maintainer facing a vulnerability or unfamiliar security workflow.
- Reach out to trusted individuals or foundations instead of handling isolating security tasks alone.
Make Security Secure-By-Default
- Design tooling and defaults so users achieve secure outcomes without changing workflows.
- Prefer secure-by-default changes that minimize friction for existing users.
