Skip main navigation (Press Enter).

Due Diligence and Ongoing Monitoring

View Only

Ncontracts State of TPRM 2026

Back to discussions

Expand all | Collapse all

Open Source Software relationships

Miranda Thurmond06-22-2022 07:02 AM

Does anyone have any considerations around open source software relationships with vendors? Should ...

Greg Schmeisser06-23-2022 07:18 AM

Appropriate handling of Open Source is an ongoing discussion with my cyber, technology/development, ...

1. Open Source Software relationships

Like
Miranda Thurmond
Posted 06-22-2022 07:02 AM
Does anyone have any considerations around open source software relationships with vendors?

Should we create a new tier for these kind of relationships since there will more than likely be very little due diligence needed?
2. RE: Open Source Software relationships

Like
Greg Schmeisser
Posted 06-23-2022 07:18 AM
Appropriate handling of Open Source is an ongoing discussion with my cyber, technology/development, and TPRM teams.

What level of tracking is relevant for TPRM? Is that relevance different for cyber (breach vulnerability), technology/development (support concerns) ?

Should TPRM inventory include Open Source tools/utilities, Open Source solutions, Open Source components, use of Open Source in commercial software solutions (Nth party - is Nth party even possible), where do GitHub/GitLab fit in, etc. ?

Interested in seeing other opinions on this topic.

Thanks.

Powered by Higher Logic

Global message icon