• [$] The burden of knowledge: dealing with open-source risks

    From LWN.net@1337:1/100 to All on Fri Mar 14 14:00:08 2025

    Date:
    Fri, 14 Mar 2025 13:54:04 +0000

    Description:
    Organizations relying on open-source software have a wide range of
    tools, scorecards, and methodologies to try to assess security, legal,
    and other risks inherent in their so-called supply chain. However, Max
    Mehl argued recently in a short talk at FOSS Backstage in Berlin (and
    online) that all of this objective information and data is insufficient
    to truly understand and address risk. Worse, this information doesn't
    provide options to improve the situation and encourages a passive
    mindset. Mehl, who works as part of the CTO group at DB Systel,
    encouraged better risk assessment using qualitative data and direct
    participation in open source.

    ======================================================================
    Link to news story:
    https://lwn.net/Articles/1013614/

