In this episode, Omkhar talks to Mark Russinovich, CTO of Microsoft Azure. Mark oversees the technical strategy and architecture of Microsoft’s cloud computing platform. Mark is also on the Governing Board of the OpenSSF. He’s a widely recognized expert in distributed systems, operating system internals, and cybersecurity. Mark’s also the author of the Jeff Aiken cyberthriller novels Zero Day, Trojan Horse and Rogue Code, and co-author of the Microsoft Press Windows Internals books.00:36 - Mark on his role at Azure01:30 - Where AI is headed and its impact on enterprises04:06 - The task of teaching a machine learning model to unlearn Harry Potter06:32 - The good and bad of AI hallucinations10:35 - The promise of more secure open source software via AI13:05 - Mark answers Omkhar’s “rapid-fire” questions: mild or spicy food, Vim, Emacs or VS Code and tabs or spaces15:01 - Why aspiring software engineers should still learn to codeEpisode links:Mark Russinovich’s LinkedIn pagePress Release: OpenSSF to Support Darpa on New AI Cyber Challenge (AIxCC)

In this episode, Omkhar talks to Christoph Kern, Principal Software Engineer in Google’s Information Security Engineering organization. Christoph helps to keep Google’s products secure and users safe. His main focus is on developing scalable, principled approaches to software security.00:42 - Christoph offers a rundown of his duties at Google01:38 - Google’s general approach to security03:02 - What Christoph describes as “stubborn vulnerabilities” and how to stop them06:42 - An overview of Google’s security ecosystem10:00 - Why memory safety is so important12:23 - Solving memory safety problems via languages16:23 - Omkhar’s rapid-fire questions18:28 - Why Christoph thinks this may be a great time for young professionals to enter the cybersecurity industryEpisode links:Blog: Tackling Cybersecurity Vulnerabilities Through Secure by DesignReport: Secure by Design: Google’s Perspective on Memory SafetyWhite House Press Release: Future Software Should be Memory SafeBlog: OpenSSF Supports White House’s Efforts to Build More Secure and Measurable SoftwareResearch: Developer Ecosystems for Software Safety: Continuous Assurance at Scale

Omkhar talks to Vincent Danen, Vice President of Product Security at Red Hat, which is responsible for security and compliance activities for all Red Hat products and services. He’s also on the Governing Board of the OpenSSF. Vincent has been involved with open source and software security for over 20 years, leading security teams and participating in open source communities and development.Links: Vincent Danen’s LinkedIn pageRed Hat Product Security Vulnerability ManagementOpenSSF Security Toolbelt

Omkhar Arasaratnam is the General Manager of the Open Source Security Foundation (OpenSSF) and a veteran cybersecurity and technical risk management executive. Before joining the OpenSSF, he led security organizations at financial and technology institutions, such as Google, JPMorgan Chase, Credit Suisse, Deutsche Bank, TD Bank Group, and IBM. As a seasoned technology leader, Omkhar has revolutionized the effectiveness of secure software engineering, compliance, and cybersecurity controls. He is also an accomplished author and has led contributions to many international standards. In this short preview, Omkhar offers a sneak peek into the coming What's in the SOSS? podcast series.