Over the past several years, the demands on open source maintainers to level up the maintenance and security practices around their open source projects have substantially increased. For good reason—security incidents like Log4Shell have dramatically illustrated the importance of heightened security and maintenance measures.
There’s one problem: the volunteer open source maintainers who create the code most organizations rely on did not sign up to be a part of anyone’s supply chain, and in many cases aren’t being paid to do the work they are being asked to do.
How do we fix the accidental supply chain that open source has become in a way that benefits both the open source creators and the organizations that rely on their work?
That’s the subject of this year’s Upstream!