
Enterprise Linux Security Episode 47 – Legislating Open Source
Supply chain attacks in open source software projects are a real possibility. In fact, we’ve covered actual incidents in previous episodes of this podcast. In this episode, Jay and Joao discuss developing legislation that will require the components within open source projects to be a part of a bill of materials (among other requirements). This is definitely something you’ll want to be aware of if your organization produces open-source software, but non-developers should be aware of it as well.

Relevant Articles
Gov’t Adds Open Source Security to Software Supply Chain
20-page PDF with more specific details on the bill

Download Links
MP3 version (normal quality)
MP3 version (lower quality, smaller file)
Ogg version