Anyone want to catch me up on the state of open source security? I remember after Heartbleed there was a big effort to get critical open source projects better funding. Problem solved?? Still an issue?
Do you have a way of identifying the most under-resourced/most critical open source projects?
I believe the Census is in the process of being updated. https://www.coreinfrastructure.org/programs/census-project/ …
Any USG support?
In non-funding OSSsec challenges, the ones that scare me most:
* intentionally toxic communities that regard “SJWs” (or other epithets) as the problem (causing long-term resilience failures);
* dev personal ATOs that can allow attackers to distribute malware (e.g., on Rubygems).
Dependency graph and dependency vulnerability alerts are also awesome. https://help.github.com/en/articles/listing-the-packages-that-a-repository-depends-on …