I do believe that for governments, 5 million pounds etc. might be a comparatively small amount, and putting that into open source (supply-chain security innovation in this case) might be the right way to go.
I also believe that, in a similar fashion, open source devs, say the LibreOffice devs etc., should also be funded by governments.
Part of the reason behind supply chain attacks can be that the developers/maintainers are underfunded too.
Agree, and we saw this play out with Trivy/TeamPCP recently. One misconfigured workflow, underfunded maintainers, and it spread across five ecosystems in days. £5M split between projects is a start, but pretty thin. Hope it sets a precedent, though.