Adam Baldwin (@adam_baldwin)

Amélie Koran (@webjedi)

Log4j vulnerability

https://logging.apache.org/log4j/2.x/license.html

https://www.theregister.com/2021/12/14/log4j_vulnerability_open_source_funding/

https://www.zdnet.com/article/security-firm-blumira-discovers-major-new-log4j-attack-vector/ 

F/OSS developer deliberately bricks his software in retaliation for big companies not supporting OSS. 

https://twitter.com/BleepinComputer/status/1480182019854327808

https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/

https://developers.slashdot.org/story/22/01/09/2336239/open-source-developer-intentionally-corrupts-his-own-widely-used-libraries

Faker.js -  https://www.npmjs.com/package/faker Generate massive amounts of fake contextual data

Colors.js -  https://www.npmjs.com/pafaker - npmckage/colors get color and style in your node.js console

https://abc7ny.com/suspicious-package-queens-astoria-fire/6425363/

Should OSS teams expect payment for giving their time/code away for free? What are their expectations

Should open source projects be aware of how popular they are? What happens when they reach a certain level of popularity? 

OSS Sustainability - https://github.blog/2019-01-17-lets-talk-about-open-source-sustainability/

https://webjedi.net/2022/01/03/security-puppy/

Apparently, “Hobbyists” were the bane of a young Bill Gates: (can you https://en.wikipedia.org/wiki/Open_Letter_to_Hobbyists

https://en.wikipedia.org/wiki/History_of_free_and_open-source_software

History of open source

Licensing Overview: https://youtu.be/Eu_GvrSlShI (this was a talk I gave for Splunk on this)

Event-stream = https://www.trendmicro.com/vinfo/hk-en/security/news/cybercrime-and-digital-threats/hacker-infects-node-js-package-to-steal-from-bitcoin-wallets

https://libraries.io/

• Libraries.io monitors 5,039,738 open source packages across 32 different package managers, so you don't have to.