Eleanor Saitta on Nostr: [@whitequark](https://mastodon.social/@whitequark) Basically, you get the shitty ...
[@whitequark](https://mastodon.social/@whitequark)
Basically, you get the shitty choice between engaging with the process and working for solutions to the societal problem of FOSS insecurity that take as little effort as possible on your part and actually work, or the world is likely to drop a liability regime in your lap that won't fix the problem but will cost you a lot of time and money.
Because software insecurity is now a society-level concern, and because FOSS insecurity is a nontrivial part of that, opting out isn't an option. Saying that the relationship doesn't exist etc. is just giving up any seat at that table.
Any CISO who isn't an idiot does care about your life getting harder, because they want your work output to exist and while their first priority is the security of their org, their zeroeth priority is the success of their org, which requires FOSS code. Amy CISO who isn't a sociopath puts good outcomes for society before either, which requires a similar balance between insecurity and your life — but even the sociopaths should care. Unfortunately, like executive sociopaths, there are a lot of idiots out there. Giving up your seat still doesn't help.
[@raito](https://nixos.paris/@raito) [@rst](https://mastodon.social/@rst) [@tinker](https://infosec.exchange/@tinker) [@AndresFreundTec](https://mastodon.social/@AndresFreundTec)
Basically, you get the shitty choice between engaging with the process and working for solutions to the societal problem of FOSS insecurity that take as little effort as possible on your part and actually work, or the world is likely to drop a liability regime in your lap that won't fix the problem but will cost you a lot of time and money.
Because software insecurity is now a society-level concern, and because FOSS insecurity is a nontrivial part of that, opting out isn't an option. Saying that the relationship doesn't exist etc. is just giving up any seat at that table.
Any CISO who isn't an idiot does care about your life getting harder, because they want your work output to exist and while their first priority is the security of their org, their zeroeth priority is the success of their org, which requires FOSS code. Amy CISO who isn't a sociopath puts good outcomes for society before either, which requires a similar balance between insecurity and your life — but even the sociopaths should care. Unfortunately, like executive sociopaths, there are a lot of idiots out there. Giving up your seat still doesn't help.
[@raito](https://nixos.paris/@raito) [@rst](https://mastodon.social/@rst) [@tinker](https://infosec.exchange/@tinker) [@AndresFreundTec](https://mastodon.social/@AndresFreundTec)