Anyone want to catch me up on the state of open source security? I remember after Heartbleed there was a big effort to get critical open source projects better funding. Problem solved?? Still an issue?
In non-funding OSSsec challenges, the ones that scare me most:
* intentionally toxic communities that regard “SJWs” (or other epithets) as the problem (causing long-term resilience failures);
* dev personal ATOs that can allow attackers to distribute malware (e.g., on RubyGems).