The Open Source Way-logo

The Open Source Way

Technology Podcasts

A podcast with open source enthusiasts about open source trends, topics and projects.




A podcast with open source enthusiasts about open source trends, topics and projects.




The Growing Importance of Software Bills of Materials (SBOM)

In this episode, our host Karsten Hohage talks to Max Mehl and Sebastian Wolf about Software Bills of Materials or SBOMs. An SBOM is a detailed record of all components within a software application, including open-source libraries, third-party dependencies and licenses. Max and Sebastian discuss the importance of SBOMs as well as some challenges and unanswered questions of the state of the art. They also speak with Karsten about SBOMs within SAP and Deutsche Bahn and the importance of SBOMs when it comes to open source.


Project “Foxhound” – Hunting Cross-Site Scripting on the Web

In this episode, our host Karsten Hohage talks to Thomas Barber about project “Foxhound”, an SAP-maintained fork of Firefox (the web browser) that is designed to detect security vulnerabilities in websites. Thomas discusses the history of “Foxhound”, how and why it was created, and its journey to becoming an open-source project. He talks about the importance of the collaborations that made Foxhound successful and about some of the challenges that it has faced along the way. Anyone who wants to get involved in this project is welcome to visit the GitHub page to learn more.


The TODO Group – Talk Openly, Develop Openly

In this episode our host Karsten Hohage talks to Ana Jiménez Santamaria about the TODO Group, a community dedicated to sharing knowledge, collaborating on practices, tools, and other ways to run effective Open Source Program Offices and similar initiatives. They discuss its history, mission, working mode, and how TODO Group provides a platform to connect peers and enables them to collaborate on projects that promote the integration of strategic open-source practices within different organizations. Everyone is welcome to join the TODO mission and contribute to the continuous development of best practices.


Open Component Model (OCM) – Describe, Transport, Deploy

OCM is an extensible standard accompanied by a toolset designed to enable the automation of many software-lifecycle-related processes. It can be defined as a common machine-readable format for describing software components, which serves as a Software Bill of Delivery (SBoD). In this episode, our guests Jason Kafka and Ingo Kober discuss with host Karsten Hohage about OCM and why it is run as open source. Jason and Ingo also talk about their vision for OCM’s future, its applications, and its challenges.


Summer Break 2023 - We'll be back in August!

Summer Break 2023 - We'll be back in August!


Credential Digger – detecting leaked secrets on GitHub

Credential Digger is an SAP Open-Source code scanner for detecting hardcoded secrets. In this episode, Slim Trabelsi discusses with host Karsten Hohage what led to the creation of Credential Digger and about its key differentiators. Slim also speaks of the early challenges of scanning for secrets, and lists the many advantages of using open source for building and maintaining Credential Digger. Open source comes with visibility for customers, and contributors can work on a project even before they join the team or after they leave, leading to improved continuity and a better tool overall.


Do Good and Talk about it!

In this episode, our host Karsten Hohage talks with Johannes Bechberger, who is an open-source developer at SAP. They discuss why and how Johannes promotes his work on SapMachine, OpenJDK, and profiling through blogging, speaking at conferences, and having a presence on social media. Johannes also shares tips and learnings collected on his journey of “doing good and talking about it”.


Debunking InnerSource Myths

In this episode, our host Karsten Hohage talks with our guests Georg Gruetter from Robert Bosch and Michael Picht from SAP about common concerns regarding InnerSource. They debunk some of the frequent myths surrounding InnerSource and explain the many benefits of its utilization, including its versatility and its innovative and collaborative nature. In the course of the conversation, they also discuss how InnerSource code can be maintained successfully and what can be done for quality control.


SUSE – Delivering automation and enterprise grade Open Source software to the SAP ecosystem

In this episode, our host Karsten Hohage talks with our guests Alan Clarke and Keith Seigel about SUSE Enterprise Linux and and Linux in general. The speakers discuss how the SUSE distribution relates to Linux as an open source project and and talk about the development of new projects like Trento. They also mention the certification process, the subscription for patches and updates, discuss an example of fixing a HANA on SUSE issue, and explain the importance of the long-standing partnership with SAP for SUSE's business.


SAP Cloud Application Programming Model (CAP) – A step-by-step journey towards open source

In this episode, our host Karsten Hohage talks with our guests Christian Georgi and Daniel Hutzel about the SAP Cloud Application Programming Model (CAP), a Software Development Kit (SDK) to build applications in the enterprise world. They speak about how CAP is gradually being open-sourced so that it can evolve with the help of its community. This will allow, for instance, the support of additional databases, consumption protocols, and UI frameworks. We also learn how the CAP team has engaged with the community so far and how this motivated them to open source it.


Project Piper – From InnerSource to Open Source

In this episode, our host Karsten Hohage talks with our guest Christoph Szymanski about Project Piper, an open source library for the creation of continuous integration and delivery pipelines. Christoph speaks about how Project Piper relates to the SAP-proprietary service “SAP Continuous Integration and Delivery“ and how Piper became a successful offering to anybody working with SAP development projects. We also learn why Christoph loves the unpopular task of writing tests and how these are the key factor to continuous delivery and integration.


Red Hat – Distributor and Mediator in the Open-Source World

In this episode, our host Karsten Hohage talks with our guest Arne Arnold from RedHat about Linux and the role of distributors in the open-source world. Arne speaks about his journey from SAP to RedHat and how the distributor made its way to become a catalyst for open-source communities. We also learn how Arne started his Linux career contributing to the search for extraterrestrial life from his student dormitory and about SAP’s contribution to Linux becoming the leading server operating system worldwide.


Linux Foundation – Building Trust in Software Supply Chains

In this episode, our host Karsten Hohage talks with our guest Shane Coughlan about OpenChain by the Linux Foundation and some other projects that build trust in the supply chain. Shane gives an overview of developments around open source and intellectual property over the last 20 years. We also learn about why OpenChain can be compared to shipping containers, and how organizations like the NSA have embraced Linux for secure US government operations.


Cloud Foundry – A One-Size-Fits-All Solution for Application Development

In this episode, our host Karsten Hohage talks with our guests Ruben Koster and Beyhan Veli about Cloud Foundry, a platform-as-a-service offering for application developers. Ruben and Beyhan talk about their personal journey with Cloud Foundry, how it works, and how it relates to VMware, Pivotal, and SAP. We also learn about their run for Cloud Foundry’s Technical Oversight Committee and their future vision for the platform.


wdi5 – UI5’s Open-Source End-to-End Testing Framework

In this episode, our host Karsten Hohage talks with our guests Volker Buzek and Peter Muessig about wdi5, an open-source end-to-end testing framework for UI5. Volker and Peter explain the history of wdi5, how to use it, and how it became a community project. We also learn about planned features of wdi5 and how to best get involved.


Open Source at VMware – Key Driver of Innovation

In this episode, our host Karsten Hohage talks with our guest Dr. Dawn Foster, PhD. from VMware about VMware’s open source strategy, and the importance of community and project health. Dawn explains project health metrics, how they contribute to improving projects, and how well-documented processes and governance help scale communities and keep them healthy. We also learn about Dawn’s impressive experience in the IT industry as she takes us through the various stages of her professional and academic career.


Open Source at Microsoft – ClearlyDefined and Open-Source Supply Chain Security

In this episode, our host Karsten Hohage talks to Nell Shamrell-Harrington from Microsoft and Sebastian Wolf from SAP about ClearlyDefined, a central data store for all open-source licenses across many different open-source ecosystems, and open source supply chain security at Microsoft. Nell explains both projects, talks about Microsoft’s open source history and evolution, and we also learn about the differences and similarities between Microsoft and SAP’s open source engagement from Sebastian.


Gaia-X, Catena-X, International Data Spaces – Three Initiatives, One Goal

In this episode, our host Karsten Hohage talks with Nemrude “Rudi” Verzano, head of Industry 4.0 and Digital Supply Chain Innovation at SAP, about the open-source initiatives in Gaia-X, Catena-X, and International Data Spaces that represent some of the cooperation efforts between the Fraunhofer Institute and some of SAP's large customers. Rudi explains the initiatives’ goals, how they came to be, and what benefits they offer. We also learn why joining forces with others can sometimes lead to the best results.


Mercedes-Benz FOSS – Open Source in the Automotive Industry

In this episode, our host Karsten Hohage talks with our guests Wolfgang Gehring and Christian Wege about FOSS at Mercedes-Benz Group AG. Wolfgang and Christian explain how and why Mercedes-Benz enables their employees to become and stay active in open source, which open-source projects they are working on, and how they contribute to the open-source world outside of Mercedes-Benz. We also learn why a so-called driver’s license is essential for working on open-source projects as a Mercedes-Benz employee.


Eclipse Dirigible – An Open-Source Platform for End-To-End Rapid Development of Business Applications

In this episode, our host Karsten Hohage talks with Yordan Pavlov and Dragomir Anachkov about the open-source projects Eclipse Dirigible, an application platform, and XSK, an environment compatible with SAP HANA Extended Application Services (XS). Yordan and Dragomir explain the projects, how they relate to each other, why they were open-sourced, and the benefits they offer. We also learn how they differ from similar projects out there and how to best contribute to them.