Published on the Red Hat blog: "Curated, tested and supported: How enterprise vendors mitigate open source supply chain risk" was posted yesterday. It's an article about supply chain risk and its associated costs -- after all, no software is truly "free" (which is why we prefer the term open source to free software). So where is that cost paid? The article explores that.
It also has a video interview on open source and security I did with the fine folks at RedMonk last December.
I also got to use my "water treatment facility" analogy, which I've been using internally at Red Hat for nearly a year now, to describe what a software supply chain looks like: what we do for software is akin to what a water treatment facility does for, well, water. The similarities are striking and ironic, given that a few weeks after I started using the analogy, the Florida water treatment hack was a thing.
Hopefully you find the topic as interesting as I do!