Ravi Nayyar

@ravirockks

Software & CNI Law | PhD Scholar @Sydney_Uni | Associate Fellow @ Social Cyber Institute (in @cybergenes) | Blogging @TechLegalUpdate | #StillRomancingWithLife

Joined 11-06-2010 06:40:52

67.1K Tweets

966 Followers

3.7K Following

Ravi Nayyar (@ravirockks):

'... we've identified multiple hooking options to adapt to different environments ...'
twitter.com/AminovDanielle…

Ravi Nayyar (@ravirockks):

'[Governments and tech giants] should expand funding for and co-operation with non-profit institutions, like the Open Source Initiative and the Linux Foundation, which support the open-source ecosystem'.

Good on the Yanks for having OS3I.
archive.md/oaXBG

Ravi Nayyar (@ravirockks):

'... that they were now being hunted by well-resourced spies pretending to be Good Samaritans was “incredibly intimidating” ...' [Should there be some sort of awareness-raising campaign by counterespionage agencies for OSS folk, like for universities?]
reuters.com/technology/cyb…

Ravi Nayyar (@ravirockks):

'Online open source mailing lists are teeming with complaints about tech giants demanding that volunteers troubleshoot issues with open source software those companies use to make billions of dollars'.

Ravi Nayyar (@ravirockks):

Great take by the sage, Schneier Blog, on the xz utils saga:

'The security of the global internet depends on countless obscure pieces of software written and maintained by even more obscure unpaid, distractible, and sometimes vulnerable volunteers.
lawfaremedia.org/article/backdo…

Ravi Nayyar (@ravirockks):

'It’s an untenable situation, and one that is being exploited by malicious actors. Yet precious little is being done to remedy it.

'This was an attack on our software supply chain ... increasingly the weapon of choice of nation-states.

Ravi Nayyar (@ravirockks):

'The industry hates this idea [of SBOMs] ... perhaps the tide is turning.

'The fundamental problem is that tech companies dislike spending extra money even more than programmers dislike doing extra work ... The market economy rewards this sort of insecurity.

Ravi Nayyar (@ravirockks):

'The big tech companies pledged $30 million in funding after the critical Log4j supply chain vulnerability, but they never delivered. [EXCUSE ME?!]
