Impact of New US National Cybersecurity Strategy on Organizations Building With OSS – Donald Fischer – ESW #312
Overall increase in government regulations. EU as well. Shift in liability from consumers to organizations.How to take advantage of safe harbor protections and reduce organizational risk and liability. NIST SSD Framework - how do you understand the security practices of the open source packages you use in your applications and ensure they are following the NIST practices (so you can take full advantage of safe harbor protections and reduce potential liability). Creating a network of open source maintainers, documenting and attesting to their security practices, is a solution. Work with the maintainers to be able to provide documentation. How to get more involved with development in open source security. What is the mechanism?
Segment Resources: https://tidelift.com/government-open-source-cybersecurity-resources
Announcements
Security Weekly listeners save $100 on their RSA Conference 2023 Full Conference Pass! RSA Conference will take place April 24-27 in San Francisco and on demand. To register using our discount code, please visit https://securityweekly.com/rsac2023 and use the code 53UCYBER! We hope to see you there!
Guest
Donald Fischer is co-founder and CEO of Tidelift. Previously he was a venture partner at General Catalyst, a member of the investment team at Greylock Partners, and an executive at Typesafe (now Lightbend) and Red Hat. He holds a BS in economics and computer science from Yale University, an MS in computer science from Stanford University, and an MBA from Columbia Business School.