My talk at FOSS Backstage (see earlier post) was also covered by LWN.net, in an article by Joe Brockmeier. It’s an extensive summary of the talk.
Organizations relying on open-source software have a wide range of tools, scorecards, and methodologies to try to assess security, legal, and other risks inherent in their so-called supply chain. However, Max Mehl argued recently in a short talk at FOSS Backstage in Berlin (and online) that all of this objective information and data is insufficient to truly understand and address risk. Worse, this information doesn’t provide options to improve the situation and encourages a passive mindset. Mehl, who works as part of the CTO group at DB Systel, encouraged better risk assessment using qualitative data and direct participation in Open Source.
[…]
You’re invited to read the full article.
Comments