September 30 - October 1, 2024 | New York, New York
Note: The schedule is subject to change.

Tuesday October 1, 2024 2:15pm - 2:45pm EDT
Most efforts to improve the security of the open source software supply chain revolve around finding and remediating vulnerabilities, and an entire industry has been built around vulnerability patch management. But there is another way to improve open source security outcomes proactively instead of waiting for vulnerabilities to appear: paying maintainers to ensure their projects follow secure software development practices. In this session, Donald Fischer, CEO, Tidelift, shares the results of a recent program in which maintainers were paid recurring income to validate that their projects follow secure software development practices (i.e. OpenSSF Scorecards, NIST SSDF). Among other findings, this experiment resulted in projects improving their OpenSSF Scorecards scores by an average of 57%. Donald will also share data from a new open source maintainer survey showing which additional practices maintainers are willing to implement when they are paid for their work. He will also provide strategies that financial services organizations interested in reducing supply chain risk from open source packages can use to make open source maintainers part of their security strategy.
Speakers
Donald Fischer

CEO and co-founder, Tidelift
Donald Fischer is co-founder and CEO of Tidelift. Previously, he was a product manager and executive at Red Hat, and an investor and board member at over a dozen open source software startups.
Broadway Ballroom North
Track: Security
Session slides attached: Yes