Broadcasts.com - "Open Source Software Supply Chain Security & The Real Crisis Behind XZ Utils - Luis Villa - ASW #287" (Application Security Weekly (Video))

News
RELATED

Open Source Software Supply Chain Security & The Real Crisis Behind XZ Utils - Luis Villa - ASW #287

Published: June 4, 2024, 2:07 p.m.

Open source has been a part of the software supply chain for decades, yet many projects and their maintainers remain undersupported by the companies that consume them. The security responsibilities for project owners has increased not only in dealing with security disclosures, but in maintaining secure processes backed by strong authentication and trust.

Segment Resources:

https://www.cisa.gov/news-events/news/lessons-xz-utils-achieving-more-sustainable-open-source-ecosystem
https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094
https://www.cisa.gov/securebydesign/pledge
https://tidelift.com/about/press-releases/tidelift-study-reveals-that-despite-increasing-demands-from-government-and-industry-60-of-maintainers-are-still-unpaid-volunteers
https://blog.tidelift.com/paying-maintainers-the-howto

Show Notes: https://securityweekly.com/asw-287