Due Diligence and Ongoing Monitoring

  • 1.  Open source software

    This message was posted by a user wishing to remain anonymous
    Posted 02-23-2023 10:24 AM

    What do you check for open-source software? What are the inherent risks that need to be addressed when using open-source software?



  • 2.  RE: Open source software

    Posted 02-23-2023 12:55 PM

    Some things to consider:

    1. Licensing - Check that your use case is compliant with the licensing terms. For example, not all open source is permitted for commercial use. 
    2. Vulnerability Management - Ensure you have a tool/process to check and remediate on an ongoing basis for vulnerabilities related to open source dependencies. 
    3. Support - Ensure you have a plan in case you need support related to the open source. Some open source projects do not have an active community that can help figure out issues.
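An added illustration of points 1 and 2 above (license compliance and ongoing vulnerability checks), not code from the original poster: an offline dependency gate that reads a pinned requirements file, matches each package against an advisory feed, and routes licenses through an allowlist. The package names, versions, advisory identifiers (EXAMPLE-0001 etc.) and license policy are all constructed for the example; in practice the advisory data would come from a database such as OSV or the GitHub Advisory Database, and the license inventory from an SBOM.

```python
"""Constructed dependency gate: license policy + advisory matching, fully offline."""

# Constructed license policy for a hypothetical commercial product.
# Permissive licenses pass; strong copyleft goes to legal review; anything else is blocked.
ALLOWED_LICENSES = {"MIT", "BSD-3-Clause", "Apache-2.0", "ISC"}
REVIEW_LICENSES = {"GPL-3.0-only", "AGPL-3.0-only", "LGPL-3.0-only"}

# Constructed advisory feed. Identifiers are placeholders, not real CVEs.
# A package is affected if introduced <= version < fixed.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "webframework", "introduced": "1.0.0", "fixed": "1.4.2"},
    {"id": "EXAMPLE-0002", "package": "yamlparser", "introduced": "0.0.0", "fixed": "5.4.0"},
]

# Constructed inputs: a pinned lockfile and the license inventory for it.
REQUIREMENTS = """
# constructed lockfile
webframework==1.3.0
yamlparser==5.4.1
loglib==2.0.0
plotkit==0.9.1
cryptohelper==1.0.0
"""
LICENSES = {
    "webframework": "BSD-3-Clause",
    "yamlparser": "MIT",
    "loglib": "AGPL-3.0-only",
    "plotkit": "SSPL-1.0",
    # cryptohelper deliberately has no license entry: unknown licenses must surface, not pass.
}


def parse_version(v: str) -> tuple:
    """Turn '1.4.2' into (1, 4, 2). Non-numeric suffixes such as 'rc1' are dropped
    so that comparisons stay purely numeric; this is enough for pinned releases."""
    parts = []
    for piece in v.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def parse_requirements(text: str) -> dict:
    """Parse 'name==version' lines. Unpinned specs are rejected: a check that
    cannot say which version is installed cannot say whether it is vulnerable."""
    pins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if "==" not in line:
            raise ValueError(f"unpinned dependency {line!r}; pin it so the audit is reproducible")
        name, version = line.split("==", 1)
        pins[name.strip().lower()] = version.strip()
    return pins


def is_vulnerable(version: str, introduced: str, fixed: str) -> bool:
    """Half-open range check: the 'fixed' version itself is not affected."""
    return parse_version(introduced) <= parse_version(version) < parse_version(fixed)


def audit(pins: dict, licenses: dict) -> dict:
    """Return findings grouped by category; each list is in lockfile order."""
    findings = {"vulnerable": [], "license_review": [], "license_blocked": [], "unknown_license": []}
    for name, version in pins.items():
        for adv in ADVISORIES:
            if adv["package"] == name and is_vulnerable(version, adv["introduced"], adv["fixed"]):
                findings["vulnerable"].append((name, version, adv["id"], adv["fixed"]))
        lic = licenses.get(name)
        if lic is None:
            findings["unknown_license"].append(name)
        elif lic in REVIEW_LICENSES:
            findings["license_review"].append((name, lic))
        elif lic not in ALLOWED_LICENSES:
            findings["license_blocked"].append((name, lic))
    return findings


def run_audit() -> dict:
    """Audit the constructed lockfile against the constructed policy and feed."""
    return audit(parse_requirements(REQUIREMENTS), LICENSES)


if __name__ == "__main__":
    for category, items in run_audit().items():
        for item in items:
            print(f"{category}: {item}")
```

Running this flags webframework 1.3.0 under EXAMPLE-0001 (fix in 1.4.2), sends loglib to license review, blocks plotkit, and reports cryptohelper as having no known license; yamlparser 5.4.1 passes because the fixed version is excluded from the affected range. The point of the unpinned-dependency error and the unknown-license bucket is that the gate fails closed: anything it cannot evaluate is reported rather than silently accepted.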