Operational Risk
Operational Risk refers to the risk of loss resulting from inadequate or failed internal processes, human errors, systems or external events.
Organisational change can be very hard to achieve since organisations are naturally protective of themselves and the status quo. Setting up an OSPO and beginning an open source journey will seem like a risky and dangerous proposition for many parts of an organisation.
It is generally preferable if an Open Source Contribution Policy can be enforced via tooling (so-called policy as code). However, policy will often refer to behaviours and expectations of staff that cannot be controlled through systems. In these cases, training courses will be needed to help promote the desired behaviours.
In this article we are going to look at the growing issue of software supply chain attacks via some examples and then look at the emerging field of open source supply chain security: what it is, current best practices, the institutional landscape and emerging legislation.
For a financial services firm, the importance of hosting an artifact repository manager such as JFrog Artifactory or Sonatype's Nexus inside the firm's firewall cannot be overstated.
OpenChain ISO/IEC 18974:2023 defines the key requirements of a quality open source security assurance program.
Article covering source and artifact repositories.