Posts tagged 'best-practices'

Your use of open source is an ongoing process, not a one-time event. Therefore, open source management should be fit into the business processes of your organization, with a focus on simplifying long-term compliance. A few tips can help you be more effective.

Read More

You may remember the 2017 Equifax data breach. The records of more than 160 million people were exposed, making it one of the largest cybercrimes related to identity theft. Among various other penalties, Equifax was required to pay out $300 million to a fund for victim compensation, $175 million to the states and territories in the agreement, and $100 million to the CFPB in fines. The cause of the data breach? Not updating an open source component on Equifax's website.

Read More

Last year, the Biden administration issued the Executive Order on Improving the Nation's Cybersecurity. What most open source personnel don't realize - yet - is that one of the results of the Executive Order will be a contract requirement to manage open source risks as a mandatory contract term for anyone supplying the Federal Government.

Read More

So much of what we do in OSPOs is about trying to get things right. We usually focus on the positive sides of engaging with open source: lower costs, greater control, faster time-to-market, and higher developer satisfaction. But that doesn't mean that we also don't keep an eye on open source risks. A number of independent events have all converged to markedly increase the legal risk of poor open source practices.

Read More