Between the rapid release of open source software, and modern OSes preloaded with packages, enterprises are vulnerable to attacks they aren’t even aware of.
We need to normalize companies stepping up to pay for security development for the open source products they utilize. If companies aren't putting FTEs toward covering the risk of using a product or service, then they should be held liable for any damages that causes them or their customers. This applies to more than FOSS and to more than CVEs; it also covers critical errors that cause delays in business continuity.
The issue is that many in the C-suite are only now understanding this, and many justice systems seem behind on it.