Open Source Software Supply Chain Security & The Real Crisis Behind XZ Utils – Luis Villa – ASW #287
Open source has been a part of the software supply chain for decades, yet many projects and their maintainers remain undersupported by the companies that consume them. The security responsibilities for project owners has increased not only in dealing with security disclosures, but in maintaining secure processes backed by strong authentication and trust.
Segment Resources:
- https://www.cisa.gov/news-events/news/lessons-xz-utils-achieving-more-sustainable-open-source-ecosystem
- https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094
- https://www.cisa.gov/securebydesign/pledge
- https://tidelift.com/about/press-releases/tidelift-study-reveals-that-despite-increasing-demands-from-government-and-industry-60-of-maintainers-are-still-unpaid-volunteers
- https://blog.tidelift.com/paying-maintainers-the-howto
Announcements
Dive into cybersecurity with CyberRisk Alliance for exclusive insights from RSA Conference 2024. Explore executive interviews with industry leaders, uncovering visionary perspectives on threats and strategies. Delve into curated articles on trends and innovations, equipping yourself with essential knowledge for today's cyber landscape. Visit securityweekly.com/RSAC for expert guidance and inspiration in navigating cybersecurity challenges confidently.
Guest
Luis Villa is co-founder at Tidelift and board member at Creative Commons and OpenET. During his career, he has been a top open source lawyer, a programmer, and a community manager. In previous roles, he has worked in the legal departments at the Wikimedia Foundation and Mozilla, and served on community-elected boards at the Open Source Initiative and GNOME Foundation.
Hosts
