Hear Tidelift CEO and co-founder Donald Fischer give his take on why we need to address open source software supply chain issues now.
This video clip comes from our on-demand webinar, why software composition analysis tools aren't enough. In this webinar, Donald talks about a new approach to improving open source supply chain resilience that brings together people and software. You can watch the entire webinar on-demand here.
The bottom line here is as more and more open source is coming into application development, the challenges we've been talking about and the complexity surrounding them—it's only going to increase.
Against this backdrop of increasing open source software supply chain attacks or vulnerabilities, like Log4Shell, and this rising tide of government requirements around open source usage—this, essentially, crisis among volunteer maintainers, who are being asked for more and more without proper incentivization, we need some new approaches to get this done.