Who's going to pay to fix open source security?

We chat about the corruption of color.js and faker.js, open source libraries widely used across GitHub and NPM. We explore some of the organizations trying to find ways to better fund and secure open source software and unpack the possibility that these kinds of disruptions will only become more common in the future.