Episode 295 - Open source security isn't free

<p><a href="https://twitter.com/joshbressers" rel= "nofollow">Josh</a> and <a href="https://twitter.com/kurtseifried" rel="nofollow">Kurt</a> talk about Josh's electric car and new job. We then talk about the recent UAParser.js malware incident. There have been a lot of calls to do more to secure open source, but nobody seems to have any concrete proposals or suggestions to fund any of these activities.</p> <h2>Show Notes</h2> <ul> <li><a href="https://www.npmjs.com/package/ua-parser-js" rel= "nofollow">UAParser.js</a></li> <li><a href= "https://us-cert.cisa.gov/ncas/current-activity/2021/10/22/malware-discovered-popular-npm-package-ua-parser-js" rel="nofollow">CISA announcement</a></li> </ul>