Hear Tidelift VP of Product, Lauren Hanford discuss the liability shift from producers to consumers, as stated in the U.S. National Cybersecurity Strategy published in March 2023.
This video clip comes from our on-demand webinar, how the NIST SSDF impacts open source software. In this webinar, Lauren and Senior Product Marketing Lead, Kanish Sharma discuss the NIST SSDF and how organizations can follow its guidance when they are building applications with open source software. You can watch the entire webinar on-demand here.
The government is being really clear about where liability is going to sit. We've been in the space where the liability has sat on folks like all of us here, the end consumers; downstream consumers of software.
And we're turning the page here. I think the government's being really clear that the responsibility and the liability is not going to be placed on the developers of open source as the upstream maintainers.
Where this leaves us is the clarity that those that are producing software that are ingesting open source to drive innovation, to drive business impact, are going to be in a new era of accountability here. We know anecdotally and in data, the average application is built up of about 70% of open source libraries. And I think we all know that there's no central compliance security or DevOps practice today for upstream application libraries.