Paper on open source software supply chain security includes recommendations, cost analysis

A paper from the Linux Foundation and Open Source Security Foundation offers a “comprehensive portfolio” of recommendations for improving the security of open source software in supply chains, based on best practices and including analysis of related costs.

“It’s time we apply these software security best practices to the whole of the software ecosystem, and the OSS ecosystem is the critical place to start because of the shared dependency most organizations in the world have on the same commonly-used OSS...