Good news: everyone is paying attention to open source security and resilience right now! OpenSSF’s Scorecard Project and other industry and government initiatives like SLSA and the NIST Secure Software Development Framework (SSDF) are leading the way in setting a new standard for secure development practices in open source.
The next challenge: putting maintainers in a position to successfully take on the additional work required to meet this growing body of standards. In this talk, Lauren Hanford, VP of Product at Tidelift, will share five years of data and the patterns discerned from working closely with open source maintainers to validate that they have maintained a set of development standards, and take a closer look at the lessons learned from incentivizing a set of specific Scorecard checks.
This research gives us clear insights about what we can expect from maintainers as we enter a new era of increasing liability where organizations need greater clarity and assurances around how the code they rely on gets built.