Anyone want to catch me up on the state of open source security? I remember after Heartbleed there was a big effort to get critical open source projects better funding. Problem solved?? Still an issue?
Replying to @robknake
- Improvements: @github tools, SBOM, @linuxfoundation efforts, DevOps tools, etc.
- New attack surface: package managers.
- Existing issues still remain: few contribs from corps, poor commit rigor, etc.

cc @jlwilker @USSJoin @joshcorman @allanfriedman
Replying to @beauwoods @robknake and
I will gladly give you a full breakdown of all the edges of the issues I’m tracking. We’re overdue for a chat anyhow. Let’s DM as to when?
Replying to @joshcorman @beauwoods and
Can I get the cliff notes or be a fly on the wall for that?


Repeat after me: Security is a Feature.