Episode 343

Episode 343 - Stop trying to fix the open source software supply chain

Open Source Security · Open Source Security

October 3, 202232m 24s

Audio is streamed directly from the publisher (traffic.libsyn.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.

Original episode page

Show Notes

Josh and Kurt talk about a blog post that explains there isn't really an open source software supply chain. The whole idea of open source being one thing is incorrect, open source is really a lot of little things put together. A lot of companies and organizations get this wrong.

Show Notes

Iliana's Twitter
There is no "software supply chain"
Google supply chain blog
GitHub ansi_term advisory
PyPI 2FA Dashboard
tarfile issue rediscovered in 2022

← All episodes of Open Source Security