Application security, DevOps, Vulnerability management

Challenges in Open Source Application Security – Shubhra Kar – ASW #163

Open source is the new mainstream of software development. However, not much attention is paid to security in the upstream community for creating robust and secure software. At the LF, we are working on some initiatives and tools to help bridge the gap between functional and secure code, so that the benefits flow downstream to all users of OSS.



Shubhra Kar
Global CTO and GM of Products & IT at The Linux Foundation

Shubhra is a passionate technology leader with over twenty years of experience in open source, cloud, enterprise architecture, DevOps, IoT, and real-time monitoring and analytics. Shubhra's career spans early-stage startups to NASDAQ-listed companies generating nearly $10B+ in annual revenue. He is a bottom-up product leader, with previous lives as a developer, enterprise architect, management consultant, pre-sales director, and chief evangelist before finding his calling in product management. At the Linux Foundation, Shubhra created the LFX platform with services for every stage of the open source supply chain. He also runs the Cloud and Release engineering team serving 700 open source projects.

He came to the Linux Foundation from Joyent/Samsung, where as VP of Products he ran multiple product lines, primarily services like Multi-Cloud Kubernetes, Machine Learning, Serverless and Monitoring/Analytics/Logging/Tracing. Prior to Samsung, Shubhra served as VP of Product and Marketing at startups like InfluxData (#1 Time Series platform in the world) and StrongLoop (acquired by IBM), and he is also the current Marketing Chair of the Node.js Foundation. He has also held management and technical leadership positions at CA Technologies and Infosys (India's first startup to blue-chip success story).


Mike Shema
Security Partner at Square
John Kinsella
Co-founder & CTO at Cysense