An open source security event brought discussions of supply chain security and managing flaws in open source projects.