
Sign up to save your podcasts
Or


Josh chats with Brian Fox from Sonatype about their 2026 State of the Software Supply Chain report. Most of the number continue to grow at alarming rates, but there's some new interesting findings in this one. We discuss end of life and open source which is tough to define. We touch on what using AI with open source dependencies looks like (and why it's broken), and we discuss the challenge of upgrading your open source dependencies in a way that doesn't break everything. It's a great report and great discussion.
The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2026/2026-03-SOTSSC-Brian-Fox/
By Josh Bressers4.7
4040 ratings
Josh chats with Brian Fox from Sonatype about their 2026 State of the Software Supply Chain report. Most of the number continue to grow at alarming rates, but there's some new interesting findings in this one. We discuss end of life and open source which is tough to define. We touch on what using AI with open source dependencies looks like (and why it's broken), and we discuss the challenge of upgrading your open source dependencies in a way that doesn't break everything. It's a great report and great discussion.
The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2026/2026-03-SOTSSC-Brian-Fox/

188 Listeners

289 Listeners

2,009 Listeners

369 Listeners

274 Listeners

375 Listeners

648 Listeners

1,030 Listeners

170 Listeners

317 Listeners

8,051 Listeners

313 Listeners

73 Listeners

98 Listeners

45 Listeners