Moving past the CVE back-and-forth

Поделиться
HTML-код
  • Опубликовано: 5 окт 2024
  • In his Upstream session, James Berthoty CEO of Latio Tech provides an overview of what the problem is with submitting CVEs to GitHub issues-why it's frustrating for compliance teams and maintainers both. In this clip, he explains how, to move past the CVE back-and-forth, we need to pay open source maintainers and build a better working relationship with them.
    Watch the full talk here: explore.tideli...
    Transcript:
    So what are some better ways forward here that we can make more sense of this CVE back and forth that happens? The first, which is something I'm always advocating for, is that we call open source maintainers vendors when we treat them like vendors, and we publish CVEs and expect them to fix them as though they're contractors. And so we should actually pay them and have some kind of contract in place as though they are vendors or contractors to establish the relationship ahead of time. It's extremely unfair how we expect them to patch CVEs without having any formal relationship to us.

Комментарии •

Следующие
Автовоспроизведение
Open Source Explained6:11Open Source Explained
Open Source ExplainedIBM Technology
Просмотров 65 тыс.
How I got a High Paying Remote Job through Open Source Contribution15:56How I got a High Paying Remote Job through Open Source Contribution
How I got a High Paying Remote Job through Open Source ContributionHarkirat Singh
Просмотров 202 тыс.
Transparency: proprietary software versus open source software2:33Transparency: proprietary software versus open source software
Transparency: proprietary software versus open source softwareTidelift
Просмотров 81
The Lore of Elden Ring is FOUL53:23The Lore of Elden Ring is FOUL
The Lore of Elden Ring is FOULVaatiVidya
Просмотров 860 тыс.
I finally confronted Goth Egg11:46I finally confronted Goth Egg
I finally confronted Goth EggEmily Hopkins
Просмотров 1,3 млн
The Cringiest Enemies to Lovers Show15:02The Cringiest Enemies to Lovers Show
The Cringiest Enemies to Lovers ShowChad Chad
Просмотров 929 тыс.
Pete Alonso hits game-winning homer to avoid elimination, a breakdown07:24Pete Alonso hits game-winning homer to avoid elimination, a breakdown
Pete Alonso hits game-winning homer to avoid elimination, a breakdownJomboy Media
Просмотров 535 тыс.
Noam Chomsky - Why Does the U.S. Support Israel?7:41Noam Chomsky - Why Does the U.S. Support Israel?
Noam Chomsky - Why Does the U.S. Support Israel?Chomsky's Philosophy
Просмотров 6 млн
How to contribute to open source projects (our community project walkthrough)11:49How to contribute to open source projects (our community project walkthrough)
How to contribute to open source projects (our community project walkthrough)Web Dev Cody
Просмотров 68 тыс.
Why Are Open Source Alternatives So Bad?13:06Why Are Open Source Alternatives So Bad?
Why Are Open Source Alternatives So Bad?Eric Murphy
Просмотров 646 тыс.
How to win a argument9:28How to win a argument
How to win a argumentajaxkmr (ajaxkmr1986)
Просмотров 587 тыс.
The Tidelift Subscription: Eliminating risk from bad open source packages2:59The Tidelift Subscription: Eliminating risk from bad open source packages
The Tidelift Subscription: Eliminating risk from bad open source packagesTidelift
Просмотров 266
Don't Contribute to Open Source9:55Don't Contribute to Open Source
Don't Contribute to Open SourceTheo - t3․gg
Просмотров 235 тыс.
With AI, Anyone Can Be a Coder Now | Thomas Dohmke | TED14:30With AI, Anyone Can Be a Coder Now | Thomas Dohmke | TED
With AI, Anyone Can Be a Coder Now | Thomas Dohmke | TEDTED
Просмотров 224 тыс.
Setting up a production ready VPS is a lot easier than I thought.29:50Setting up a production ready VPS is a lot easier than I thought.
Setting up a production ready VPS is a lot easier than I thought.Dreams of Code
Просмотров 171 тыс.
Being Competent With Coding Is More Fun11:13Being Competent With Coding Is More Fun
Being Competent With Coding Is More FunTheVimeagen
Просмотров 89 тыс.
This referee is too unauthentic, isn't it😂# Dad takes baby# Family has adorable baby# Human cub# H00:16This referee is too unauthentic, isn't it😂# Dad takes baby# Family has adorable baby# Human cub# H
This referee is too unauthentic, isn't it😂# Dad takes baby# Family has adorable baby# Human cub# H开心baby
Просмотров 1,5 млн
🎙КВАШЕНАЯ тут ПОЁТ для ТЕБЯ!❤️3:16:54🎙КВАШЕНАЯ тут ПОЁТ для ТЕБЯ!❤️
🎙КВАШЕНАЯ тут ПОЁТ для ТЕБЯ!❤️Саша Квашеная
Просмотров 1,3 млн
САМОЕ ГРУБОЕ НАРУШЕНИЕ ПРАВИЛ ДОРОЖНОГО ДВИЖЕНИЯ В США #америка #США #ЖИЗНЬВСША00:30САМОЕ ГРУБОЕ НАРУШЕНИЕ ПРАВИЛ ДОРОЖНОГО ДВИЖЕНИЯ В США #америка #США #ЖИЗНЬВСША
САМОЕ ГРУБОЕ НАРУШЕНИЕ ПРАВИЛ ДОРОЖНОГО ДВИЖЕНИЯ В США #америка #США #ЖИЗНЬВСШАMAXinventoR
Просмотров 21 тыс.
這就是爸爸,小可差點氣暈了。 #家庭日常#監控下的一幕00:14這就是爸爸,小可差點氣暈了。 #家庭日常#監控下的一幕
這就是爸爸,小可差點氣暈了。 #家庭日常#監控下的一幕小多妈mi
Просмотров 3,1 млн
Настоящий Гений Пранков - Нейтан Филдер!51:31Настоящий Гений Пранков - Нейтан Филдер!
Настоящий Гений Пранков - Нейтан Филдер!Solek
Просмотров 462 тыс.
Военная драма Павла Чухрая "Холодное танго" уже на канале! #драма #фильм #фильмы #топ00:59Военная драма Павла Чухрая "Холодное танго" уже на канале! #драма #фильм #фильмы #топ
Военная драма Павла Чухрая "Холодное танго" уже на канале! #драма #фильм #фильмы #топСЕРИАЛЫ. ДРАМА
Просмотров 277 тыс.
Все плюсы мультфильма "Головоломка 2"47:40Все плюсы мультфильма "Головоломка 2"
Все плюсы мультфильма "Головоломка 2"Dalbek
Просмотров 218 тыс.
НЮША УСПОКОИЛА КОТЯТ#cat00:43НЮША УСПОКОИЛА КОТЯТ#cat
НЮША УСПОКОИЛА КОТЯТ#catЛайки Like
Просмотров 1 млн