“I’m not a supplier!” open source maintainers correctly say. When a large company comes in making unfunded demands, it drives volunteer maintainers away. But supply chain attacks are a reality and they don’t just affect megacorps. As an open source maintainer, you have a supply chain, too.
Improving your security improves safety for everyone. But how can volunteer maintainers who aren’t security experts do this work? This talk introduces easy practices and tools to address common software supply chain concerns. Attendees will also learn how to address supply chain and regulatory concerns from their downstreams.
