Cybersecurity and Infrastructure Security Agency’s Post

"Every technology manufacturer that profits from open source software must do their part by being responsible consumers of and sustainable contributors to the open source packages they depend on. In line with our Secure by Design initiative, the burden of security shouldn’t fall on an individual open source maintainer" This is 100% the correct conclusion to draw from the recent xz incident. Fear is not the answer, tighter control is not the answer, shaming and abusing OSS maintainers even more is not the answer. The answer is investing in your codebase, and realizing that it extends beyond just the stuff in your git repositories. The answer is investing in your contributors, and realizing that they aren't just the people on your payroll. Our current usage of OSS is predatory and exploitative, and the consequences will continue to escalate until that changes.

Read key report takeaways: The State of Software Supply Chain Security 2024: https://lnkd.in/gCNh_QhW

Dive into the future of AppSec with Tomislav Pericin, Chief Software Architect & Co-founder at RL! Check out the full conversation here: https://lnkd.in/et3FKZaU Watch as he discusses Spectra Assure Community, our new, free platform that tracks the security of open source software packages. Don't miss this exclusive talk on Techstrong!  #AppSec #OpenSource #SoftwareSupplyChainSecurity

The 2024 State of Open Source Report is now available! Last fall, OpenLogic by Perforce collaborated with the Eclipse Foundation and the Open Source Initiative (OSI) to survey 2,000 open source users around the world. The State of Open Source Report is the result of this effort, and reveals why organizations choose open source software, which technologies are trending, and how they are handling security and support challenges. Read the press release to learn more >> https://ter.li/xe6tvy

Why single vendor OSS is the new proprietary << --- such a great article! "Single vendor isn’t a reasonable way to do Open Source and resist evil proprietary software. It’s just another way to do proprietary software." "True evil lies in deception and hypocrisy: Claiming openness while practicing proprietary tactics (openwashing)" "Beware of single-vendor Open Source software, it’s a proprietary development model that happens to temporarily use Open Source licensing. So yes, let’s all agree: Single vendor is the new proprietary." https://lnkd.in/gSvF55WR

Free software often comes at a cost. It sounds like a contradiction, but the consequences of using the free version of open-source software can create a surprisingly high price tag. Download this paper to hear from real-world Red Hat Enterprise public sector users and see why they opted for the Enterprise versions of Red Hat solutions. #opensource

Free software often comes at a cost. It sounds like a contradiction, but the consequences of using the free version of open-source software can create a surprisingly high price tag. Download this paper to hear from real-world Red Hat Enterprise public sector users and see why they opted for the Enterprise versions of Red Hat solutions. #opensource

Free software often comes at a cost. It sounds like a contradiction, but the consequences of using the free version of open-source software can create a surprisingly high price tag. Download this paper to hear from real-world Red Hat Enterprise public sector users and see why they opted for the Enterprise versions of Red Hat solutions. #opensource

Free software often comes at a cost. It sounds like a contradiction, but the consequences of using the free version of open-source software can create a surprisingly high price tag. Download this paper to hear from real-world Red Hat Enterprise public sector users and see why they opted for the Enterprise versions of Red Hat solutions. #opensource