Open source maintainers are not contracted vendors

Поделиться
HTML-код
  • Опубликовано: 27 июн 2024
  • In his Upstream session, James Berthoty CEO of Latio Tech provides an overview of what the problem is with submitting CVEs to GitHub issues-why it's frustrating for compliance teams and maintainers both. In this clip, he emphasizes that open source maintainers, who are often volunteers, are not contracted vendors.
    Watch the full talk here: explore.tidelift.com/upstream...
    Transcript:
    Now vendor dependencies are where these CVEs, by default, have to fall, even though open source maintainers don't have a contract in place to make them a vendor in a formal sense. Nonetheless, that's how they have to be treated, because there's really no other options for what to do with these vulnerabilities when they're discovered. And so when you have a vendor dependency, your guidelines are forcing you to, you're supposed to check in with the vendor upstream every 30 days for either them to confirm that it's a false positive or for them to give you their timeline for remediation. And so that is the process for what compliance has and what you can see is they if they are following from a strict compliance viewpoint here, the number of options they have are very limited for how to report these findings to a vendor.
  • НаукаНаука

Комментарии •

Следующие
Автовоспроизведение
The Tidelift Subscription: Eliminating risk from bad open source packages2:59The Tidelift Subscription: Eliminating risk from bad open source packages
The Tidelift Subscription: Eliminating risk from bad open source packagesTidelift
Просмотров 150
Finding our way out of the CVE dungeon2:03Finding our way out of the CVE dungeon
Finding our way out of the CVE dungeonTidelift
Просмотров 10
There's A New Browser (That ISN'T Chrome Based)47:59There's A New Browser (That ISN'T Chrome Based)
There's A New Browser (That ISN'T Chrome Based)Theo - t3․gg
Просмотров 113 тыс.
Overnight Survival, But Wherever Tesla Cybertruck Dies!42:48Overnight Survival, But Wherever Tesla Cybertruck Dies!
Overnight Survival, But Wherever Tesla Cybertruck Dies!JStu
Просмотров 458 тыс.
Rob49 - On Dat Money (with Cardi B) [Official Video]02:36Rob49 - On Dat Money (with Cardi B) [Official Video]
Rob49 - On Dat Money (with Cardi B) [Official Video]ROB49
Просмотров 689 тыс.
Beetlejuice Beetlejuice | Official Trailer 202:27Beetlejuice Beetlejuice | Official Trailer 2
Beetlejuice Beetlejuice | Official Trailer 2Warner Bros. Pictures
Просмотров 17 млн
Yapping again // EP 39 - Pretty Lonesome with Madeline Argy45:32Yapping again // EP 39 - Pretty Lonesome with Madeline Argy
Yapping again // EP 39 - Pretty Lonesome with Madeline Argymadelineargy
Просмотров 620 тыс.
An example of how security teams respond to CVEs1:48An example of how security teams respond to CVEs
An example of how security teams respond to CVEsTidelift
Просмотров 23
Did Modi really kill black money in India? : Economic case study27:40Did Modi really kill black money in India? : Economic case study
Did Modi really kill black money in India? : Economic case studyThink School
Просмотров 1,4 млн
A.I. Revolution | Full Documentary | NOVA | PBS53:46A.I. Revolution | Full Documentary | NOVA | PBS
A.I. Revolution | Full Documentary | NOVA | PBSNOVA PBS Official
Просмотров 540 тыс.
Generative AI in a Nutshell - how to survive and thrive in the age of AI17:57Generative AI in a Nutshell - how to survive and thrive in the age of AI
Generative AI in a Nutshell - how to survive and thrive in the age of AIHenrik Kniberg
Просмотров 1,7 млн
Reid Hoffman - Biden’s Decision to Stay in the Presidential Race | Prof G Conversations32:44Reid Hoffman — Biden’s Decision to Stay in the Presidential Race | Prof G Conversations
Reid Hoffman - Biden’s Decision to Stay in the Presidential Race | Prof G ConversationsThe Prof G Show – Scott Galloway
Просмотров 31 тыс.
How Red Bull Is Made In Factory 🥤🥤 Inside Red Bull Factory And Other Beverage | Captain Discovery11:15How Red Bull Is Made In Factory 🥤🥤 Inside Red Bull Factory And Other Beverage | Captain Discovery
How Red Bull Is Made In Factory 🥤🥤 Inside Red Bull Factory And Other Beverage | Captain DiscoveryCaptain Discovery
Просмотров 13 тыс.
The BEST AI VIDEO Generator is…(Head-to-Head Battle)31:22The BEST AI VIDEO Generator is…(Head-to-Head Battle)
The BEST AI VIDEO Generator is…(Head-to-Head Battle)AI Samson
Просмотров 11 тыс.
CrowdStrike CEO: Cyber outage is 'not a security incident or cyberattack'5:13CrowdStrike CEO: Cyber outage is 'not a security incident or cyberattack'
CrowdStrike CEO: Cyber outage is 'not a security incident or cyberattack'KSDK News
Просмотров 69 тыс.
The 8.8 trillion dollar value of open source software2:03The 8.8 trillion dollar value of open source software
The 8.8 trillion dollar value of open source softwareTidelift
Просмотров 17
Неожиданная концовка. $5000 или что-то из apple магазина? #shorts #опрос #сигма #телефон #rec #fyp00:16Неожиданная концовка. $5000 или что-то из apple магазина? #shorts #опрос #сигма #телефон #rec #fyp
Неожиданная концовка. $5000 или что-то из apple магазина? #shorts #опрос #сигма #телефон #rec #fypTokparty
Просмотров 2,1 млн
Choose a phone for your mom00:20Choose a phone for your mom
Choose a phone for your momChooseGift
Просмотров 7 млн
Видеокамера Sony / Фонарь Led Lenser | ПОВТОРНЫЕ РЕМОНТЫ05:32Видеокамера Sony / Фонарь Led Lenser | ПОВТОРНЫЕ РЕМОНТЫ
Видеокамера Sony / Фонарь Led Lenser | ПОВТОРНЫЕ РЕМОНТЫRemonter
Просмотров 24 тыс.
Как удвоить напряжение? #электроника #умножитель01:00Как удвоить напряжение? #электроника #умножитель
Как удвоить напряжение? #электроника #умножительHi Dev! – Электроника
Просмотров 889 тыс.
Choose a phone for your mom00:20Choose a phone for your mom
Choose a phone for your momChooseGift
Просмотров 7 млн
ОБСЛУЖИЛИ САМЫЙ ГРЯЗНЫЙ ПК01:00ОБСЛУЖИЛИ САМЫЙ ГРЯЗНЫЙ ПК
ОБСЛУЖИЛИ САМЫЙ ГРЯЗНЫЙ ПКVA-PC
Просмотров 2 млн
3 месяца подготовки и тут.. Выпуск уже на канале! #litvin #unit_ru #iphone #litenergy #shortvideo00:553 месяца подготовки и тут.. Выпуск уже на канале! #litvin #unit_ru #iphone #litenergy #shortvideo
3 месяца подготовки и тут.. Выпуск уже на канале! #litvin #unit_ru #iphone #litenergy #shortvideoUNIT | ЮНИТ | IPHONE 15
Просмотров 1 млн
iPhone 15 Pro в реальной жизни24:07iPhone 15 Pro в реальной жизни
iPhone 15 Pro в реальной жизниHUDAKOV
Просмотров 405 тыс.