The Linux Foundation
Tidelift
Sovereign Tech Fund
Governments are starting to believe that their traditional hands-off approach to open source no longer makes sense. But what then? Europe is providing examples of both “carrot” and “stick”: providing incentives to people and organizations to do more security work (i.e. the carrot) or penalizing them for not doing the work or after security incidents happen (i.e. the stick). In this fireside chat, Tidelift co-founder and general counsel Luis Villa sits down with Fiona Krakenbürger from the Sovereign Tech Fund and Mirko Boehm from the Linux Foundation Europe to discuss the impending CRA legislation in the EU (the biggest government stick to date) and the Sovereign Tech Fund’s “carrot” approach to funding open security.
Governments are starting to believe that their traditional hands-off approach to open source no longer makes sense. But what then? Europe is providing examples of both “carrot” and “stick”: providing...
10 questions you should answer before using an open source project
When it comes to open source software security, many organizations rely heavily on software scanning (often called software composition analysis or SCA) as the primary means of defense.
The value of a proactive approach to open source application security
Learn how one large organization saved over $1.6M in manual package evaluation time and eliminated over 3,000 points of risk in applications running in production.
.png)
The guide to reducing security risk from bad open source packages
In this guide, we'll discuss how your organization can reduce risk by avoiding “bad” open source packages.