You might also be interested in

SaaS

April 1, 2026 - 9 minutes read

How AI-Generated Contributions Are Reshaping Open-Source Supply Chain Risk

AI coding tools create cheap PRs but not reviewers. Map six dimensions of open-source supply chain risk—and how to manage them before it hits your stack.

SaaS

April 1, 2026 - 8 minutes read

The Business Case for Contributing Back to the Open-Source Projects You Depend On

Contributing to open-source projects is supply-chain risk mitigation, not charity. Learn the fork/fund/migrate framework and how to start at SMB scale.

SaaS

April 1, 2026 - 7 minutes read

What GitHub and the OSS Ecosystem Are Building to Protect Maintainers from AI Slop

GitHub’s February 2026 maintainer tools, criteria-based PR gating, Mitchell Hashimoto’s Vouch project, and what meaningful OSS contribution looks like at scale.

Business

April 1, 2026 - 11 minutes read

Adding Open-Source Maintainer Health to Your Software Supply Chain Risk Process

Assess OSS maintainer health as supply-chain risk: zombie components, Contributor Absence Factor, CHAOSS viability framework, and a quarterly review process.

Technology

April 1, 2026 - 8 minutes read

Curl Bug Bounty Shutdown and the Open-Source Incidents That Proved the Problem Is Real

The curl bug bounty shutdown, Node.js’s 19,000-line AI PR, Ghostty’s closed doors — documented incidents proving AI slop is breaking open source for real.

Technology

April 1, 2026 - 10 minutes read

Three Open-Source Governance Orientations for Managing AI-Generated Contribution Volume

OSS AI contribution governance: the Prohibitionist, Boundary-and-Accountability, and Quality-First orientations compared via LLVM, EFF, and Ghostty policies.

SaaS

April 1, 2026 - 8 minutes read

Why AI Pull Requests Cost More Than They Contribute to Open-Source Projects

AI tools have cut contribution cost to near-zero while review cost stays constant. Here’s why that structural imbalance is straining open-source projects.

Business

March 30, 2026 - 8 minutes read

What AI Governance Actually Requires and Why Most Policies Fall Short

Why most AI policies fail to control risk, and what governance actually requires: operating models, accountability, runtime enforcement, and measurement.