The open source software ecosystem has always faced tough challenges related to community, governance, and scalability. More than ever before, much conversation about open source struggles is devoted to the security of the software supply chain, especially when considering the unique challenges of a distributed, often anonymous, community-based development team.
Josh Bressers, VP of Security at Anchore, fellow podcaster and OpenSSF volunteer, joins us to talk about why, despite these challenges, open source isn’t broken, and how to address the very human aspects of open source security and communities.
Resources:
Avoiding the success trap: Toward policy for open-source software as infrastructure
All About SBOMs: The Software Bill of Materials