Skip to main content

Search

Items tagged with: SoftwareSupplyChainSecurity


Any experienced C developers among my followers? #BoostsWelcome.

Expat, arguably the world's most popular #XML parser, is understaffed and without funding. As #xz has shown, situations like this are dangerous.

Last month, maintainer Sebastian Pipping put up a plea for help at github.com/libexpat/libexpat/b…

(I would help myself, but my C skills barely surpass "Hello, World".)

Found via @timbray - cosocial.ca/@timbray/112203547…

#libexpat
#SoftwareSupplyChainSecurity #OpenSource #OpenSourceMaintainer
#C


I think the #xz incident is teaching us that our infrastructure is dangerously fragile in the face of well-organized/funded attackers. The response isn’t “try harder” or “donate to your OSS project”, it needs to be institutional, professional, and at scale.

So, here’s my proposal, called “OSQI”, aimed at starting a how-to discussion: tbray.org/ongoing/When/202x/20…