Open source software is vetted by IT Security, once approved the vendor is added to the portfolio in our vendor Risk Management tool and subject to the due diligence appropriate to the risk rating assigned. From experience, these vendors are rated Minor.