Data leakage risk refers to the potential for sensitive or confidential information to be unintentionally or maliciously disclosed outside of an organization, leading to potential harm to the organization's reputation, finances, or legal standing.
Open source software is typically distributed under specific licensing terms and conditions that may affect how the software can be used, modified, and distributed. Compliance with these licensing requirements is essential to ensure that the organization does not infringe on the intellectual property rights of the software developers or violate the terms of the license.
Leakage of personal information has a knock-on to Reputational Risk and Legal Risk, as explored in the section below. As noted in the BOK activities addressing supply chain security, incorporating secure development into the Software Development Lifecycle is therefore also a compliance issue.
The Open Source Program Office (OSPO) is responsible for the overall management and direction of an organization's open source program.
THIS IS A PLACEHOLDER
We currently live in a world where OSS is everywhere, consumable, helpful and can make a positive or negative outcome on the programs we rely on. Strong open source projects can lessen technical debt, increase reusability and discoverability. For the purpose of this guide, we will cover some key principles and practices for managing your open source project effectively.
Organisational change can be very hard to achieve since organisations are naturally protective of themselves and the status quo. Setting up an OSPO and beginning an open source journey will seem like a risky and dangerous proposition for many parts of an organisation.
It is generally preferable if an Open Source Contribution Policy can be enforced via tooling (so called policy as code). However, often policy will refer to behaviours and expectations of staff which cannot be controlled through systems. In these cases, training courses will be needed to help promote desired behaviours.
This article looks at the best practices around publication (of code) to enable open source contribution.
This article looks at the best practices around surveillance (of communications) to enable open source contribution.
Using open source software within a financial services organisation poses unique challenges. This article outlines some of the potential pitfalls and solutions when getting started.
OpenChain ISO/IEC 18974:2023 defines the key requirements of a quality open source security assurance program.
Phil Holleran, Eric Sorensen and Andrew Henry (all GitHub) to FINOS Members Meeting on March 5th 2024.
Jamie Slome (Citi) to FINOS Members Meeting on April 3rd 2024.