this is why I’ve side eyed any federal document about software #security, quality, or #resilience that demonizes open source software while touting the virtues of commercial cybersecurity products

as if those products aren’t notorious for deep access + flimsy quality…

I’ve written about this concern in two separate RFIs to CISA et al (with co-conspirator @rpetrich)

1) on OSS security https://kellyshortridge.com/blog/posts/rfi-open-source-security-response/

2) on secure by design https://kellyshortridge.com/blog/posts/rfi-secure-by-design-response/

#crowdstrike

Open-Source Software Security RFI Response from Shortridge Sensemaking LLC

This blog post describes our response to the RFI on Open-Source Software Security and links to the response PDF.

^{Sensemaking by Shortridge}