In addition to identifying the number of maintainers supporting a project, you’ll want to look at the project’s activity level for signs that it’s being actively maintained. For example, when was the last commit? What does the issue queue look like? Are issues being addressed, and if so, how quickly? A lack of activity can indicate abandonment, inadequate support, or project immaturity. Any of these situations can lead to security risks and result in you having to take on more ownership responsibilities than would be warranted, given what you hope to get from using the project. Project status
The Careful Consumption of Open Source Software… With security-related matters, OSPOs can educate the organization on secure coding practices, dependency management, and choosing reliable dependencies. Most OSPOS already have very robust networks in the engineering, legal and security communities inside their organizations. …
… And, finally, we help manage legal risks. …
… It delivers a signed health report alongside the digital seal, which captures tampering events that could pose a security risk. …
… A project missing a license presents potential legal risk and is not following best practices, which suggests there may be other cut corners. …
… Supporting Policies and Documents Accessibility at Intel Anticorruption Policy Climate Change Policy Statement Code of Conduct CSR Report Inclusion at Intel EHS Policy Global Water Policy Human Rights Impact Assessment, Salient Risk Matrix, and Salient Human Rights Risk Mapping Intel Security Devel…
… How do you see the role of an OSPO in security? Nithya Ruff: Security has been slowly creeping up on the OSPO, and it’s been front and center for the last few years. …
… For example, a group of banks or government agencies might form a community cloud that is designed to address security, regulatory, and legal requirements specific to their sector. …
… Edgeless Systems Edgeless Systems is a cybersecurity company based in Germany. The company’s technology elevates the security of applications and workflows, enabling new and exciting forms of trustworthy data processing. …