Ashley Williams, founder and CEO of axo, discusses the unsettling reliance on unpaid open-source maintainers for crucial software security. She argues that companies often overlook these maintainers while depending on third-party vendors, exacerbating vulnerabilities. Thomas Depierre weighs in on the reluctance of maintainers to be labeled as software suppliers. The conversation delves into the pressures on maintainers and the need for sustainable funding models in the open-source realm, emphasizing the importance of integrating maintainer perspectives into supply chain strategies.