Tidelift

Josh and Kurt talk to Brian Fox from Sonatype and Donald Fischer from Tidelift about their recent reports as well as open source. There are really interesting connections between the two reports. The overall theme seems to be open source is huge, everywhere, and needs help. But all is no lost! There’s some great ideas on what the future needs to look like. https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_454_The_state_of_open_source_with_Brian_Fox_from_Sonatype_and_Donald_Fischer_from_Tidelift.mp3 Show Notes Donald Fischer Brian Fox Tidelift Sonatype The 2024 Tidelift state of the open source maintainer report Sonatype State of the Software Supply Chain Anchore 2024 Software Supply Chain Security Report OpenSSF TAC issue 101

Josh and Kurt talk about the 2024 Tidelift maintainer report. The report is pretty big and covers a ton of ground. We focus in a few of the statistics that should worry anyone who uses open source. We’ve known for a while developers are struggling, and the numbers back that up. This one feels like the old “we’ve tried nothing and we’re all out of ideas”. https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_447_The_Tidelift_2024_open_source_maintainer_report.mp3 Show Notes THE 2024 TIDELIFT STATE OF THE OPEN SOURCE MAINTAINER REPORT Canadian passport Changelog Interviews #433 Pandas CVE