How do you fix a problem like open-source security? Google has an idea, though constraints may not go down well

Read the original article: How do you fix a problem like open-source security? Google has an idea, though constraints may not go down well


‘Try telling leaders of libpng, libjpeg-turbo, openssl, ffmpeg etc they can’t make “unilateral” changes to their own projects’

Google has proposed a framework for discussing and addressing open-source security based on factors like verified identity, code review, and trusted builds, but its approach may be at odds with open-source culture.…

