The security of open-source software is a growing concern, especially as dependencies and regulations become more complex, making it essential to understand how to manage software supply chains effectively. 

In this episode, we sit down with Michael Winser, Co-Founder at Alpha-Omega and Security Strategy Ambassador at Eclipse Foundation, and Jarek Potiuk, Member of the Security Committee at the Apache Software Foundation, to discuss the challenges of securing Airflow’s dependencies, the evolving landscape of open-source security and how contributors can help strengthen the ecosystem.

 

Key Takeaways:

(02:43) Jarek quit his full-time engineer position and uses Airflow as a freelancer. 

(04:32) Michael finds happiness in having meaningful work with open-source security.

(07:01) Software supply chain security focuses on correctness, integrity and availability.

(08:44) Airflow’s 790 dependencies present a unique security challenge.

(09:43) Airflow’s security team has significantly improved its vulnerability response.

(10:22) The transition to Airflow 3 emphasizes enterprise security readiness.

(16:20) The ‘Three Fs’ approach: fix it, fork it, or forget it.

(18:45) Dependency health is often more critical than fixing known vulnerabilities.

(23:32) The ‘Three Fs’ in action. 

(26:26) Open-source contributors play a key role in supply chain security.

Resources Mentioned:

Michael Winser -

https://www.linkedin.com/in/michaelw/

Jarek Potiuk -

https://www.linkedin.com/in/jarekpotiuk/

Apache Airflow -

https://airflow.apache.org/

Apache Software Foundation | LinkedIn -

https://www.linkedin.com/company/the-apache-software-foundation/

Apache Software Foundation | Website -

https://www.apache.org/

Eclipse Foundation | LinkedIn -

https://www.linkedin.com/company/eclipse-foundation/

Eclipse Foundation | Website -

https://www.eclipse.org/org/foundation/

OpenSSF Working Groups -

https://openssf.org/community/openssf-working-groups/

Astronomer Roadshow: Exploring Apache Airflow 3 | London

https://www.astronomer.io/events/roadshow/london/

Astronomer Roadshow: Exploring Apache Airflow 3 | New York

https://www.astronomer.io/events/roadshow/new-york/

Astronomer Roadshow: Exploring Apache Airflow 3 | Sydney

https://www.astronomer.io/events/roadshow/sydney/

Astronomer Roadshow: Exploring Apache Airflow 3 | San Francisco

https://www.astronomer.io/events/roadshow/san-francisco/

Astronomer Roadshow: Exploring Apache Airflow 3 | Chicago

https://www.astronomer.io/events/roadshow/chicago/

Thanks for listening to “The Data Flowcast: Mastering Airflow for Data Engineering & AI.” If you enjoyed this episode, please leave a 5-star review to help get the word out about the show. And be sure to subscribe so you never miss any of the insightful conversations.

#AI #Automation #Airflow #MachineLearning