Anyone want to catch me up on the state of open source security? I remember after Heartbleed there was a big effort to get critical open source projects better funding. Problem solved?? Still an issue?
What Beau said. GitHub launched Sponsors (https://github.com/sponsors ) which is our attempt to help (still in beta, but we’re doing awesome stuff, so stay tuned) in some of the funding challenges, and others are trying to help there as well—but lots of non-funding challenges remain.
Do you have a way of identifying the most under-resourced/most critical open source projects?
A decent summary of how much things aren't solved: https://arstechnica.com/information-technology/2019/08/the-year-long-rash-of-supply-chain-attacks-against-open-source-is-getting-worse/ and a pessimistic take: https://opensourcesecurity.io/2019/08/28/backdoors-in-open-source-are-here-to-stay/ (which SBOM can help with)
thanks Allan -- just when I was having one of those "England can make it" moments, you come in all doom and gloom. I might as well invite @adamshostack into the conversation to pile on to the "everything is horrible" party
I will gladly give you a full breakdown of all the edges of the issues I’m tracking. We’re overdue for a chat anyhow. Let’s DM as to when?