Sign up to save your podcasts
Or
Share Open Source Software Supply Chain Security & The Real Crisis Behind XZ Utils - Luis Villa - ASW #287
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Open Source Software Supply Chain Security & The Real Crisis Behind XZ Utils - Luis Villa - ASW #287
Open source has been a part of the software supply chain for decades, yet many projects and their maintainers remain undersupported by the companies that consume them. The security responsibilities for project owners has increased not only in dealing with security disclosures, but in maintaining secure processes backed by strong authentication and trust.
Segment Resources:
- https://www.cisa.gov/news-events/news/lessons-xz-utils-achieving-more-sustainable-open-source-ecosystem
- https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094
- https://www.cisa.gov/securebydesign/pledge
- https://tidelift.com/about/press-releases/tidelift-study-reveals-that-despite-increasing-demands-from-government-and-industry-60-of-maintainers-are-still-unpaid-volunteers
- https://blog.tidelift.com/paying-maintainers-the-howto
Show Notes: https://securityweekly.com/asw-287
View all episodes
By Security Weekly Productions
4.7
3535 ratings
Open source has been a part of the software supply chain for decades, yet many projects and their maintainers remain undersupported by the companies that consume them. The security responsibilities for project owners has increased not only in dealing with security disclosures, but in maintaining secure processes backed by strong authentication and trust.
Segment Resources:
- https://www.cisa.gov/news-events/news/lessons-xz-utils-achieving-more-sustainable-open-source-ecosystem
- https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094
- https://www.cisa.gov/securebydesign/pledge
- https://tidelift.com/about/press-releases/tidelift-study-reveals-that-despite-increasing-demands-from-government-and-industry-60-of-maintainers-are-still-unpaid-volunteers
- https://blog.tidelift.com/paying-maintainers-the-howto
Show Notes: https://securityweekly.com/asw-287
More shows like Security Weekly Podcast Network (Video)
View all
Security Now (Audio)
2,009 Listeners
RunAs Radio
83 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
651 Listeners
Network Break
101 Listeners
CyberWire Daily
1,020 Listeners
Security Weekly News (Audio)
33 Listeners
The Matt Walsh Show
28,414 Listeners
CISO Series Podcast
189 Listeners
Cyber Security Headlines
139 Listeners
Morning Wire
26,616 Listeners