Paid maintainers are 55% more likely to implement critical security and maintenance practices than unpaid maintainers and are dedicating more time to implementing security practices like those included in industry standards like the OpenSSF Scorecard and the NIST Secure Software Development Framework (SSDF), according to Tidelift. Open source is the modern application development platform, with up to 98% of applications containing open-source components and open-source code making up 70% or more of the average application. … More
The post Paid open-source maintainers spend more time on security appeared first on Help Net Security.