
Security used to be something of an afterthought in software development. Security was clunky or inconvenient, often because it was a ‘bolt-on’. That has rapidly changed over the last two years. Now, the world has finally realised that security needs to be ‘baked-in’, not ‘bolted-on’. Meaningful and impactful improvements can be achieved in OSS security engineering and development across ecosystems if the work is directed by non-profit foundations and financially supported by a plurality of public and private bodies on an ongoing basis.