


The open-source community is a hub of innovation, and there is no doubt that open-source software helps to prop up stacks everywhere, from the smallest firms through to the largest names in the tech industry.
However, concerns have been raised in recent years over the security of open-source supply chains. Notable incidents such as Log4Shell have acted as a reminder to businesses and governments alike that a chain is only as strong as its weakest link.
In this episode, Jane and Rory are joined by Brian Fox, CTO of software supply chain management at Sonatype, to discuss how the ecosystem can be made safer, and the role that developers, companies, and governments can play.
By ITPro
