The Gemara Project: GRC Engineering Model for Automated Risk Assessment

The Gemara Project: GRC Engineering Model for Automated Risk Assessment

From What's in the SOSS? An OpenSSF Podcast by OpenSSF

March 10, 2026 · 17 min · Season 3 · Episode 7

About this episode

Hannah Braswell and Jenn Power discuss the Gemara project, a model for automated risk assessment in GRC.

Hannah Braswell and Jenn Power, security engineers from Red Hat and contributors to the OpenSSF, join host Sally Cooper to discuss the Gemara project. Gemara, an acronym for GRC Engineering Model for Automated Risk Assessment, is a seven-layer logical model that aims to solve the problem of incompatibility in the GRC (Governance, Risk, and Compliance) stack. By outlining a separation of concerns, the project seeks to enable engineers to build secure and compliant systems without needing to be...

People in this episode

Host: Sally Cooper

Guests: Hannah Braswell, Jenn Power

Topics covered

  • GRC
  • risk assessment
  • security engineering
  • compliance
  • software development

Keywords

  • Gemara
  • GRC Engineering Model
  • automated risk assessment
  • security
  • compliance

Mentioned in this episode

Organizations: Red Hat, OpenSSF

Books & works: Gemara

More episodes of What's in the SOSS? An OpenSSF Podcast

Explore listener stats, chart rankings, contacts and more on the What's in the SOSS? An OpenSSF Podcast podcast page.