Open Source is one person

(opensourcesecurity.io)
433 points | LawnGnome | 3 comments
firesteelrain (No.45059347)
I can see how the article seemed like an advertisement for Hunted Labs. I have talked to them and it’s a good product especially if you care about where you are getting your software from as part of a supply chain analysis.
replies(1): >>45059463
pabs3 (No.45059463)
It seemed like an advertisement for the incompetence of Hunted Labs to me, from them:

> "This serves as another powerful reminder that knowing who writes your code is just as critical as understanding what the code does"

If who wrote some code matters to you, then your supply chain management is simply insufficient.

replies(1): >>45059575
firesteelrain (No.45059575)
> If who wrote some code matters to you, then your supply chain management is simply insufficient.

I am not following. Source country is absolutely a thing when certain industries look at open source. That’s what Hunted Labs does.

replies(1): >>45059889
pabs3 (No.45059889)
It's completely irrelevant if you are doing things properly.
replies(1): >>45062371
firesteelrain (No.45062371)
Can you elaborate?
replies(1): >>45122420
pabs3 (No.45122420)
The whole article is refuting their point.