æva black (@aevavoom)'s Twitter Profile

Hacker, opensource geek, public speaker, advocate. Currently works at CISA. All opinions = 💯 mine. 🏍️/🏳️‍🌈/⚧️

ID:18809935

https://aeva.online/
09-01-2009 18:35:08

17,2K Tweets

4,7K Followers

986 Following

The Associated Press (@AP)

BREAKING: The Swedish parliament passed a law lowering the age required for people to legally change their gender from 18 to 16. apnews.com/article/sweden…

Jen Easterly🛡️ (@CISAJen)

The XZ Utils compromise highlights the urgent need for software manufacturers to sustain the open source ecosystems they depend on. Read my teammates @jackhcable & @aevavoom's blog on how @CISAgov is approaching open source with a #SecureByDesign mindset: go.dhs.gov/JHf

Eric Geller (@ericgeller)

CISA's æva black and Jack Cable say the XZ Utils supply-chain incident highlights need for more investment: 'Companies consuming open source software must contribute back — either financially or through developer time — to ensure a sustainable ecosystem.' cisa.gov/news-events/ne…

Cybersecurity and Infrastructure Security Agency (@CISAgov)

CISA advisors @jackhcable and @aevavoom describe in our latest blog how we are responding to the XZ Utils compromise and how every tech manufacturer should take a #SecureByDesign approach to securing open source software: go.dhs.gov/JHf

Mark Atwood (@_Mark_Atwood)

The xz attack was not because it was open source. The attack failed because it was open source. The way this attack works for non-open source is the attacker spends 2 years getting an agent hired by contract software development vendor, they sneak it in, nobody finds out.

ashley williams (@ag_dubs)

i can't believe i have to say this but the takes where people are saying 'money won't solve OSS sustainability' ... they are saying something extremely narrow - so much so that it is barely worth saying

ehashman@cloudisland.nz 🇵🇸 (@ehashdn)

If you're looking for my takes on the xz exploit and addressing maintainer burnout/sustainable FOSS development, I gotchu over on masto: cloudisland.nz/@ehashman/1121…

Glitch 💻😺 (@glitchfur)

Linux doesn't need antivirus. In fact the malware just comes bundled in your core packages sometimes, as a treat.

Erin Reed (@ErinInTheMorn)

On Transgender Day of Visibility, I think about how often visibility is granted to transgender people but not a voice.

How many newspapers, TV networks, legislative chambers, and more grant trans people 'visibility' but no agency.

How our stories are so rarely told by us.

æva black (@aevavoom)

Public details of the xz hack mirror what so many maintainers have been worried about because most tech stacks are deeply dependent on volunteerism — so, burn out is a security concern.

Responsible Consumers
must be
Sustainable Contributors

Jen Easterly🛡️ (@CISAJen)

👉After a lot of hard work, I’m excited to announce that Cybersecurity and Infrastructure Security Agency’s Notice of Proposed Rulemaking for the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) is now available on the Federal Register at go.dhs.gov/JbC.

Katelyn Burns (@transscribe)

Anti-trans lawmaking has become one of the main driving forces in conservative politics over the last half decade and neither MSNBC nor CNN has ever paid an openly trans person to be an on air contributor.

👑 Alyssa Miller 🦄🛩️ (@AlyssaM_InfoSec)

OK he's not my favorite human but this pretty well sums up my career story. Honestly, it's scary and hard to trust yourself in this way, but this is how you overcome imposter syndrome. And that fear is what will drive you to succeed in learning that new thing.

Open Source Initiative @osi@opensource.org (@OpenSourceOrg)

🔔 Last call! OSI board members elections close in less than an hour! Make sure to cast your vote following the instructions you received via email. Remember the results are advisory, and winners will be announced after the board reviews the voting opensource.org/about/board-of…

Jen Easterly🛡️ (@CISAJen)

ICYMI - last week we announced new efforts to help secure open source software (OSS). OSS helps run our nation's critical infrastructure and we're going to work with the community to contribute to an improved security of the broader OSS ecosystem.
executivegov.com/2024/03/cisa-u…
