
The Gemara Project: GRC Engineering Model for Automated Risk Assessment
From What's in the SOSS? An OpenSSF Podcast by OpenSSF
March 10, 2026 · 17 min · Season 3 · Episode 7
About this episode
Hannah Braswell and Jenn Power discuss the Gemara project, a model for automated risk assessment in GRC.
Hannah Braswell and Jenn Power, security engineers from Red Hat and contributors to the OpenSSF, join host Sally Cooper to discuss the Gemara project. Gemara, an acronym for GRC Engineering Model for Automated Risk Assessment, is a seven-layer logical model that aims to solve the problem of incompatibility in the GRC (Governance, Risk, and Compliance) stack. By outlining a separation of concerns, the project seeks to enable engineers to build secure and compliant systems without needing to be...
People in this episode
Host: Sally Cooper
Guests: Hannah Braswell, Jenn Power
Topics covered
- GRC
- risk assessment
- security engineering
- compliance
- software development
Keywords
- Gemara
- GRC Engineering Model
- automated risk assessment
- security
- compliance
Mentioned in this episode
Organizations: Red Hat, OpenSSF
Books & works: Gemara
More episodes of What's in the SOSS? An OpenSSF Podcast
- The Ghost in the Dependency Tree: Navigating Open Source End-of-Life with HeroDevs · June 2, 2026 · 27 min
- Beginner to Builder: Shaping the Conversation in Open Source Security · May 19, 2026 · 26 min
- Packaging, Transferring, and Deploying Software in Air-Gapped Environments with Zarf · May 5, 2026 · 19 min
- Building a Connected Africa: The Origin Story of OSSAfrica with Prince Asiedu · April 21, 2026 · 27 min
- Big Thoughts, Open Sources Inaugural Episode: Beyond the Hype: Brian Fox on Securing the Agentic Future of Open Source · April 7, 2026 · 29 min
- From Noise to Signal: Security Expertise and Kusari Inspector with Mike Lieberman · March 24, 2026 · 25 min
Explore listener stats, chart rankings, contacts and more on the What's in the SOSS? An OpenSSF Podcast podcast page.