The global open source ecosystem has millions of projects and observing and participating individuals, who are trying to find their ways to collaborate on activities and finding solutions to fulfill a shared mission. An ecosystem that large inevitably has challenges to remain a balanced, sustainable and welcoming environment.
The My Open Source Experience Podcast collects and shares stories that describe people's experiences from their point of view. All experiences matter, the good, the bad, lessons that you've learned and challenges you still have.
The hosts, Ildiko and Phil are talking to open source, veterans, newbies, their managers, and just really, anybody who is either already involved in the open source ecosystem, or would like to. This podcast is all about the individuals, their voices and their experiences and what they've been through ever since they started to think about or getting involved in open source.
The podcast is under the CC BY 4.0 license.
Hosted on Acast. See acast.com/privacy for more information.
The global open source ecosystem has millions of projects and observing and participating individuals, who are trying to find their ways to collaborate on activities and finding solutions to fulfill a shared mission. An ecosystem that large inevitably has challenges to remain a balanced, sustainable and welcoming environment.
The My Open Source Experience Podcast collects and shares stories that describe people's experiences from their point of view. All experiences matter, the good, the bad, lessons that you've learned and challenges you still have.
The hosts, Ildiko and Phil are talking to open source, veterans, newbies, their managers, and just really, anybody who is either already involved in the open source ecosystem, or would like to. This podcast is all about the individuals, their voices and their experiences and what they've been through ever since they started to think about or getting involved in open source.
The podcast is under the CC BY 4.0 license.
Hosted on Acast. See acast.com/privacy for more information.
Software supply chain security has been on the top of minds lately, for a very good reason. With most steps depending on digital infrastructure, there are a lot of opportunities for cyber attacks to happen. At the same time, there is an often silent mistrust in open source software, because it is designed and developed in public environments. People think that because everyone can see the source code, and is aware of some of the bugs in it that aren't fixed yet, it somehow gives them the upper hand to carry out attacks against these projects. There's something odd about this perception though.
In this MOSE Shorts segment, Wayne Starr shares his view on the state of software supply chain security in the open source ecosystem. He highlights the XZ incident, and how it was caught because the software was open source. He also highlights that this challenge is also present in closed source software, however, it is much harder to spot. This makes proprietary software even less secure, and you have to work twice as much to ensure that you are well protected when using it. Think about the "SolarWinds vulnerability" as an example.
Learn more about:
- Why the open environment is an advantage fro security perspective
- SBOMs and their applicability and application in different ecosystems, like Go, Python or C
- Why it matters how you release software
- Can people still be hobbyists in the open source ecosystem?
- User experience, air-gapped environments and the Zarf project
- The productization work that turns open source projects into products
- A case for experimenting with something in the product first, and then implementing it in the upstream project
Hosted on Acast. See acast.com/privacy for more information.
