←back to thread

Fifty Years of Open Source Software Supply Chain Security

(queue.acm.org)
182 points yarapavan | 1 comments | 07 Apr 25 18:04 UTC | HN request time: 0s | source
Show context
aadhavans ◴[07 Apr 25 18:24 UTC] No.43614405[source]
A very well-written piece. The section on funding open source is as relevant as it's ever been, and I don't think we've learnt much since last year.

As the proportion of younger engineers contributing to open-source decreases (a reasonable choice, given the state of the economy), I see only two future possibilities:

1. Big corporations take ownership of key open-source libraries in an effort to continue their development.

2. Said key open-source libraries die, and corporations develop proprietary replacements for their own use. The open source scene remains alive, but with a much smaller influence.

replies(5): >>43614635 #>>43615318 #>>43615592 #>>43616293 #>>43618059 #
1. lrvick ◴[07 Apr 25 20:00 UTC] No.43615318[source]
My company, Distrust, exists to produce, support, and fund our open source security tools.

So far our core full time team of 3 gets to spend about half our time consulting/auditing and half our time contributing to our open projects that most of our clients use and depend on.

The key is for companies to have visibility into the current funding status of the software they depend on, and relationships with maintainers, so they can offer to fund features or fixes they need instead of being blocked.

https://distrust.co