There is no “software supply chain”

https://iliana.fyi/blog/software-supply-chain/

I really appreciated how succinct this was.

In actual supply chains, money is changing hands.

I’ve had a blog post on how OSS broke security by severing accountability from developers to users.

I also appreciated this aside:

Everything that can be said about sponsorship and paying maintainers has already been said. Important work is still unfunded.

Of course, I’m sure I’ll be blogging more about that, anyway. I think the fundamentals are pretty well understood, but how they’re playing out in competition among platforms isn’t.


I’ve had a blog post on how OSS broke security by severing accountability from developers to users.

This is very interesting. I’m exploring a model that shifts security/accountability back to developers and offers them an opportunity to monetize. Any thoughts on this?

Would appreciate a link to the blog. Thanks!