EPISODE · Mar 20, 2025 · 28 MIN
The Software Risk That Affects Everyone and How To Address It with Michael Winser and Jarek Potiuk
from The Data Flowcast: Mastering Apache Airflow ® for Data Engineering and AI · host Astronomer
The security of open-source software is a growing concern, especially as dependencies and regulations become more complex, making it essential to understand how to manage software supply chains effectively. In this episode, we sit down with Michael Winser, Co-Founder at Alpha-Omega and Security Strategy Ambassador at Eclipse Foundation, and Jarek Potiuk, Member of the Security Committee at the Apache Software Foundation, to discuss the challenges of securing Airflow’s dependencies, the evolving landscape of open-source security and how contributors can help strengthen the ecosystem. Key Takeaways:(02:43) Jarek quit his full-time engineer position and uses Airflow as a freelancer. (04:32) Michael finds happiness in having meaningful work with open-source security.(07:01) Software supply chain security focuses on correctness, integrity and availability.(08:44) Airflow’s 790 dependencies present a unique security challenge.(09:43) Airflow’s security team has significantly improved its vulnerability response.(10:22) The transition to Airflow 3 emphasizes enterprise security readiness.(16:20) The ‘Three Fs’ approach: fix it, fork it, or forget it.(18:45) Dependency health is often more critical than fixing known vulnerabilities.(23:32) The ‘Three Fs’ in action. (26:26) Open-source contributors play a key role in supply chain security.Resources Mentioned:Michael Winser -https://www.linkedin.com/in/michaelw/Jarek Potiuk - https://www.linkedin.com/in/jarekpotiuk/Apache Airflow -https://airflow.apache.org/Apache Software Foundation | LinkedIn -https://www.linkedin.com/company/the-apache-software-foundation/Apache Software Foundation | Website -https://www.apache.org/Eclipse Foundation | LinkedIn -https://www.linkedin.com/company/eclipse-foundation/Eclipse Foundation | Website -https://www.eclipse.org/org/foundation/OpenSSF Working Groups -https://openssf.org/community/openssf-working-groups/Astronomer Roadshow: Exploring Apache Airflow 3 | Londonhttps://www.astronomer.io/events/roadshow/london/Astronomer Roadshow: Exploring Apache Airflow 3 | New Yorkhttps://www.astronomer.io/events/roadshow/new-york/Astronomer Roadshow: Exploring Apache Airflow 3 | Sydneyhttps://www.astronomer.io/events/roadshow/sydney/Astronomer Roadshow: Exploring Apache Airflow 3 | San Franciscohttps://www.astronomer.io/events/roadshow/san-francisco/Astronomer Roadshow: Exploring Apache Airflow 3 | Chicagohttps://www.astronomer.io/events/roadshow/chicago/Thanks for listening to “The Data Flowcast: Mastering Airflow for Data Engineering & AI.” If you enjoyed this episode, please leave a 5-star review to help get the word out about the show. And be sure to subscribe so you never miss any of the insightful conversations.#AI #Automation #Airflow #MachineLearning
What this episode covers
The security of open-source software is a growing concern, especially as dependencies and regulations become more complex, making it essential to understand how to manage software supply chains effectively. In this episode, we sit down with Michael Winser, Co-Founder at Alpha-Omega and Security Strategy Ambassador at Eclipse Foundation, and Jarek Potiuk, Member of the Security Committee at the Apache Software Foundation, to discuss the challenges of securing Airflow’s dependencies, the evolving landscape of open-source security and how contributors can help strengthen the ecosystem. Key Takeaways:(02:43) Jarek quit his full-time engineer position and uses Airflow as a freelancer. (04:32) Michael finds happiness in having meaningful work with open-source security.(07:01) Software supply chain security focuses on correctness, integrity and availability.(08:44) Airflow’s 790 dependencies present a unique security challenge.(09:43) Airflow’s security team has significantly improved its vulnerability response.(10:22) The transition to Airflow 3 emphasizes enterprise security readiness.(16:20) The ‘Three Fs’ approach: fix it, fork it, or forget it.(18:45) Dependency health is often more critical than fixing known vulnerabilities.(23:32) The ‘Three Fs’ in action. (26:26) Open-source contributors play a key role in supply chain security.Resources Mentioned:Michael Winser -https://www.linkedin.com/in/michaelw/Jarek Potiuk - https://www.linkedin.com/in/jarekpotiuk/Apache Airflow -https://airflow.apache.org/Apache Software Foundation | LinkedIn -https://www.linkedin.com/company/the-apache-software-foundation/Apache Software Foundation | Website -https://www.apache.org/Eclipse Foundation | LinkedIn -https://www.linkedin.com/company/eclipse-foundation/Eclipse Foundation | Website -https://www.eclipse.org/org/foundation/OpenSSF Working Groups -https://openssf.org/community/openssf-working-groups/Astronomer Roadshow: Exploring Apache Airflow 3 | Londonhttps://www.astronomer.io/events/roadshow/london/Astronomer Roadshow: Exploring Apache Airflow 3 | New Yorkhttps://www.astronomer.io/events/roadshow/new-york/Astronomer Roadshow: Exploring Apache Airflow 3 | Sydneyhttps://www.astronomer.io/events/roadshow/sydney/Astronomer Roadshow: Exploring Apache Airflow 3 | San Franciscohttps://www.astronomer.io/events/roadshow/san-francisco/Astronomer Roadshow: Exploring Apache Airflow 3 | Chicagohttps://www.astronomer.io/events/roadshow/chicago/Thanks for listening to “The Data Flowcast: Mastering Airflow for Data Engineering & AI.” If you enjoyed this episode, please leave a 5-star review to help get the word out about the show. And be sure to subscribe so you never miss any of the insightful conversations.#AI #Automation #Airflow #MachineLearning
NOW PLAYING
The Software Risk That Affects Everyone and How To Address It with Michael Winser and Jarek Potiuk
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Mar 19, 2026 ·34m
Feb 18, 2026 ·11m
Feb 11, 2026 ·45m