Securing open source software: Whose job is it, anyway?

The US government and some of the largest open source foundations and package repositories have announced a series of initiatives intended to improve software supply-chain security, while also repeating calls for developers to increase support for such efforts.

You can read the full article here.