Navigating the Intersection of Open Source, AI, and Cybersecurity in Business with Paula Paul

In this podcast episode, host Dave Sobel interviews Paula Paul, the founder and distinguished engineer at Grayshore, about the importance of open source in businesses. Paula emphasizes that open source is already deeply integrated into most commercial applications, with a vast majority of software relying on open-source libraries. She highlights the need for businesses to effectively manage and secure their open-source dependencies, especially in light of recent instances where open-source has been used as an attack vector for social engineering.


Paula discusses the challenges faced by organizations in managing dependencies on open-source packages, which have significantly increased in complexity over the years. She advises businesses to become more aware of the open-source packages they rely on and to prioritize securing customer-facing assets. Paula also recommends getting involved with organizations like the OpenJS Foundation and leveraging services from companies like Tidelift and HeroDevs to support and secure open-source dependencies.


The conversation delves into the risks and benefits of using open-source software, highlighting the potential for social engineering attacks and licensing issues. Paula argues that the open-source model offers more agility and community support compared to closed-source solutions but also stresses the importance of contributing back to the open-source ecosystem. She encourages businesses to support the preservation of open source as a valuable natural resource and to align their missions with the values of the open-source community.


As the discussion turns to the intersection of AI and open source, Paula sees opportunities for leveraging AI tools to enhance open-source projects, particularly in areas like code analysis and testing. She suggests that service organizations looking to engage with open source should explore projects within foundations like the OpenJS Foundation, Finos, and CNCF. Paula emphasizes the importance of human expertise in cybersecurity and the need for continuous monitoring and rapid response in today’s threat landscape.


Supported by:



All our Sponsors:

All our Sponsors:

Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech:

Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on

Support the show on Patreon:

Want our stuff? Cool Merch? Wear “Why Do We Care?” – Visit

Follow us on:







Liked it? Take a second to support Dave Sobel on Patreon!
Become a patron at Patreon!