@mikeneeds.rest.bsky.social
Software supply chain security

Are some large enterprises acting like ignorant children? 🤔
22.06.2025 23:15 | likes 6 | reposts 0 | replies 0 | quotes 0

If I'm writing a personal project? I'm a little bit more flexible.
If I'm working on something for my employer, I'm looking at the risks. A sandbox research project is going to go through different scrutiny than something like an online banking application.
I think the way Europe is looking at this with the CRA is also something to look at. Europe says in your example it's still the responsibility of the organization consuming the OSS to ensure it meets the regulation.
22.06.2025 22:37 | likes 1 | reposts 0 | replies 0 | quotes 0

Open source in and of itself is just code thrown out to the public with no warranty. Some of it is good, some bad. In your example, maybe I would look at a different project or buy it from a reputable organization instead of something with few maintainers.
22.06.2025 22:35 | likes 1 | reposts 0 | replies 1 | quotes 0

Yes, absolutely. People leave up all sorts of stuff. Unless you are purposefully misleading folks, it's up to the consumer to do some level of due diligence. I have worked at massive banks where there were policies in place to prevent including that sort of stuff.
22.06.2025 21:58 | likes 12 | reposts 0 | replies 1 | quotes 0

It is still the responsibility of the consumer. Full stop.
22.06.2025 21:31 | likes 8 | reposts 0 | replies 1 | quotes 0

I was interviewed recently about Kusari's new security PR bot. Check it out!
18.06.2025 02:10 | likes 2 | reposts 2 | replies 0 | quotes 0

I recently wrote my thoughts on why we should focus more on securely consuming open source than trying to enforce the trustworthiness of devs mikeneeds.rest/license-to-n...
Since some folks aren't familiar with satire, this is satire, this is tongue in cheek, please don't take this too seriously :).
I wonder how many people know you can install non-python code via pip and the like? I know most package managers support some level of arbitrary downloading of static content and most have also some level of arbitrary code execution on build/install.
15.05.2025 13:57 | likes 1 | reposts 0 | replies 1 | quotes 0

The new #Cybersecurity Skills Framework maps 14 core job roles to real-world security skills.
- Built by practitioners
- Easy to customize
- Standards-aligned
Launch the free tool: cybersecurityframework.io
Read more: openssf.org/press-releas...
Giant Bomb lives! Fandom has sold the site to us and it is now fully independent and employee-owned. We'll see you all on Tuesday for the Giant Bombcast.
For more info right now, head over to www.giantbomb.com/join
polygon and giant bomb dead in the same week is just unfathomable
01.05.2025 18:27 | likes 3033 | reposts 513 | replies 47 | quotes 19

[image alt text: Cat lying down with bread neck pillow]
[image alt text: Close up photo of orange cat wearing bread neck pillow]
[image alt text: Cat]
23.04.2025 15:40 | likes 3 | reposts 0 | replies 0 | quotes 0

Because they clearly don't have a vision. They're ruining their flagship product to chase after something consumers by and large don't want.
18.04.2025 16:32 | likes 35 | reposts 5 | replies 2 | quotes 1

Here's a playlist with the 7 KubeCon talks from TAG Security leads!
Seven!! 🤯
@mikeneeds.rest @sublimi.no
www.youtube.com/playlist?lis...
Average Score in the session feedback: 10 out of 10.
This is it, @mikeneeds.rest.
The high water mark. The peak. The climax. The apex. It only goes down from here.
🚨 OpenSSF community is heading to Denver for #OpenSSFCommunity Day NA 2025 on June 26!
AI security, SBOM tooling, real-world TTX, and more, all in one day.
Co-located with #OSSummit
Agenda is live. Register now!
openssf.org/blog/2025/04...
#CyberSecurity #OpenSourceSecurity
Love when companies post about being major contributors to #opensource projects after laying off a ton of core contributors to those projects!
08.04.2025 19:15 | likes 112 | reposts 16 | replies 9 | quotes 0

I think it's more an LHR experience. That airport always just seems so disorganized across the board.
06.04.2025 23:45 | likes 0 | reposts 0 | replies 1 | quotes 0

I got there early, it was pretty empty, went to the bathroom, got out and it was absolutely packed. No seats, people just standing around.
05.04.2025 10:50 | likes 0 | reposts 0 | replies 1 | quotes 0

I'm around all day if anyone wants to chat more about it! Ping me on CNCF Slack or stop by the Kusari booth.
04.04.2025 09:07 | likes 2 | reposts 0 | replies 0 | quotes 0

Thanks! I appreciate the kind words.
04.04.2025 09:06 | likes 1 | reposts 0 | replies 0 | quotes 0

A keynote about the EU Cyber Resilience Act at the #KubeCon #CloudNativeCon EU couldn't be more appropriate!
Happy to see it there and that we start collectively discussing the implications, how to comply, etc.!
Thanks @eddieknight.dev and @michaellieberman.bsky.social for bringing that topic!
Are you confused about the CRA? Check out @mikeneeds.rest and @eddieknight.dev's #KubeCon keynote on Friday morning.
02.04.2025 17:28 | likes 3 | reposts 1 | replies 0 | quotes 1

AOC: I want to live in an America that guarantees healthcare to every person.
I want to live in an America that has a living wage for every person
I want to live in an America where you have free speech to express yourself and not be afraid of being put on a list or deported.
I'm looking for my next thing, and I need to move fast. I have several years of experience in developer relations from startups to the enterprise, and I'm particularly skilled at distilling complex topics into something easily understood by newbies and non-technical folks alike, on stage or off. 1/3
19.03.2025 16:47 | likes 349 | reposts 210 | replies 6 | quotes 11

Resign.
14.03.2025 22:36 | likes 1 | reposts 0 | replies 0 | quotes 0

If you're wondering where we stand on politics coverage, we're not slowing down, or stopping anytime soon.
Some words from our Global Editorial Director @katie-drummond.bsky.social:
After testing OpenAI and Gemini models on the 3 puzzle problems proposed in January on my blog, it is time to look at how Claude models answer them. Tested only versions 3 and 3.5 since I ran the scripts back in Jan, but even so the models performed quite well.
More on my blog: mihai.page/ai-2025-5