

From Compliance to Community: Meeting CRA Requirements Together
Jul 29, 2025
Michael Winser from Alpha Omega highlights the importance of community connections in open-source security. Ulf Riehm, Product Owner at Herrmann Ultraschall, discusses the integration of security into automation using a specialized tech stack. Jonatan Männchen, CISO at the Erlang Ecosystem Foundation, emphasizes compliance with the CRA and fostering a collaborative security culture. Together, they explore how proactive community engagement and transparency can enhance security practices across ecosystems.
AI Snips
Serendipitous Community Connections
- Michael and Jonatan connected through talks and public meetings like FOSDEM and SBOM Fringe events.
- Their chance meeting sparked ongoing collaboration in the Erlang and Alpha Omega communities.
Trust Through Independent Foundations
- Foundations like the Erlang Ecosystem Foundation build trust by supporting ecosystem security, rather than through in-house or outsourced efforts.
- Outsourcing security can reduce trust with customers, so funding independent foundations benefits everyone.
Normalize Security Practices
- Developers and organizations should bring in security experts to reduce risk and improve community security.
- Normalizing security awareness and practices across projects raises ecosystem-wide safety and reduces vulnerabilities.