Open Source Security

Josh discusses Suricata with Victor Julien, the founder and lead developer of the project. Victor explains the history of the project, its impact on cybersecurity, and the community that keeps it all running. Challenges like encrypted traffic and the evolution of open-source projects. Victor even gives us a glimpse into what he sees as the future of the project. There's a lot to learn about Suricata in this one. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2026/2026-01-suricata-victor-julien/

Josh talks to Gergely Nagy (algernon) about his tool Iocaine. Iocaine creates a maze to trap scraping bots in a world a fake pages they cannot escape. algernon tells us how Iocaine effectively traps bots by serving them endless loops of nonsensical URLs and web pages. It's an extremely clever tool that's designed to be completely hidden from normal users, but not hidden to the scrapers. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2026/2026-01-iocaine-algernon/

Josh chats with Xe Iaso, the creator of Anubis the web AI firewall. We discuss how Anubis is tackling bots and scrapers. The discussion around the scrapers is fascinating and challenging, these things are everywhere and don't behave very nicely. There's also discussion about running a successful open source project. Xe has a lot of experience to share with us, you're going to learn something new with this one. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2026/2026-01-anubis-xe/

Josh talk to Dirkjan and Joe about Rustls (pronounced rustles), a Rust-based TLS library. Dirkjan and Joe are developers on Rustls. We talk about the history that got us to this point. The many many challenges in writing a TLS library (Rust or not). We also chat about some of what's to come. Rustls has an OpenSSL compatibility layer which makes is a really interesting project. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-12-rustls-dirkjan-joe/

Josh welcomes back Daniel Thompson explore the rather silly question of whether Santa Claus needs to be compliant with the Cyber Resilience Act (CRA). This episode was intended to be silly, but it ended up being an incredibly interesting conversation. Daniel explained a great deal about how the CRA works and how it could apply to Santa Claus. The TL;DR is even if he's giving out free stuff, the CRA almost certainly applies. Daniel also fills us in on his book (you can email Josh to enter into a drawing for a copy), and his work on web browsers for the CRA. It's an incredibly informative discussion. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-12-daniel-cra-santa/