Open source security is bigger than you can imagine
Did you know the VAST majority of open source projects have one maintainer? And nearly every open source project depends on at least one single maintainer project? We can’t use old ways of managing risk and vulnerabilities to solve today’s open source problems. To borrow a concept from game theory, open source is an infinite game. It has no end, we cannot win, we can only play. Yet many of our ideas focus on an end state.
The size of the open source landscape is bigger than we can imagine. Collectively we have seen unimaginable growth over the last decade. The risk associated with our open source, especially open source vulnerabilities, has been top of mind for the last few years. But we are woefully uninformed about how big open source really is.
The size of ecosystems is growing exponentially, and our use of open source is growing faster than we can track it. There’s work happening in the OpenSSF community, but we need more. In this session, Josh Bressers will demonstrate the size of the problem using data to help attendees grasp its magnitude. If we don’t first understand the size of the problem, we can’t create realistic solutions.
How big is open source?!