I chat with Aaron Lippold, creator of MITRE's Security Automation Framework (SAF), to discuss how to escape the pain of manual STIG compliance. We explore the technical details of open-source tools like InSpec, Heimdall, and Vulcan that automate validation, normalize diverse security data, and streamline the entire security authoring process. The show notes and blog post for this episode can be found at <a href= "https://opensourcesecurity.io/2025/2025-06-stig-automation-aaron-lippold/"> https://opensourcesecurity.io/2025/2025-06-stig-automation-aaron-lippold/</a>

I chat with Aaron Lippold, creator of MITRE's Security Automation Framework (SAF), to discuss how to escape the pain of manual STIG compliance. We explore the technical details of open-source tools like InSpec, Heimdall, and Vulcan that automate validation, normalize diverse security data, and streamline the entire security authoring process. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-06-stig-automation-aaron-lippold/

I chat with Aaron Lippold, creator of MITRE's Security Automation Framework (SAF), to discuss how to escape the pain of manual STIG compliance. We explore the technical details of open-source tools like InSpec, Heimdall, and Vulcan that automate validation, normalize diverse security data, and streamline the entire security authoring process. The show notes and blog post for this episode can be found at <a href="https://opensourcesecurity.io/2025/2025-06-stig-automation-aaron-lippold/" rel="noopener noreferrer"> https://opensourcesecurity.io/2025/2025-06-stig-automation-aaron-lippold/</a>

STIG automation with Aaron Lippold

Open Source Security is a media project to help showcase and educate on open source security. Our goal is to give the community a platform educate both developers and users on how open source security works.

There’s a lot of good work happening that doesn’t get attention because there’s no marketing department behind it, they don’t have a developer relations team posting on LinkedIn every two hours. Let’s focus on those people and teams then learn what they do and how they do it. The goal is to hear from the people doing the work, they know what’s up, they have a lot to teach us. We just have to listen.

Technology

Open Source Security is a media project to help showcase and educate on open source security. Our goal is to give the community a platform educate both developers and users on how open source security works. There’s a lot of good work happening that doesn’t get attention because there’s no marketing department behind it, they don’t have a developer relations team posting on LinkedIn every two hours. Let’s focus on those people and teams then learn what they do and how they do it. The goal is to hear from the people doing the work, they know what’s up, they have a lot to teach us. We just have to listen.

Share STIG automation with Aaron Lippold

Sign up to save your podcasts

STIG automation with Aaron Lippold

STIG automation with Aaron Lippold

More shows like Open Source Security

Security Now (Audio)

Risky Business

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

The Changelog: Software Development, Open Source

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

LINUX Unplugged

Hacked

CyberWire Daily

Late Night Linux

Smashing Security

Darknet Diaries

Hacking Humans

Defense in Depth

2.5 Admins

Risky Bulletin