Anyone want to catch me up on the state of open source security? I remember after Heartbleed there was a big effort to get critical open source projects better funding. Problem solved?? Still an issue?
Replying to @robknake
- Improvements: @github tools, SBOM, @linuxfoundation efforts, DevOps tools, etc.
- New attack surface: package managers.
- Existing issues still remain: few contribs from corps, poor commit rigor, etc.

cc @jlwilker @USSJoin @joshcorman @allanfriedman
Replying to @beauwoods @robknake and
What Beau said. GitHub launched Sponsors (https://github.com/sponsors) which is our attempt to help (still in beta, but we’re doing awesome stuff, so stay tuned) in some of the funding challenges, and others are trying to help there as well—but lots of non-funding challenges remain.
Replying to @USSJoin @beauwoods and
Any USG support?
6:50 AM - 6 Sep 2019