Intellectual Property

Open source software is typically distributed under specific licensing terms and conditions that may affect how the software can be used, modified, and distributed. Compliance with these licensing requirements is essential to ensure that the organization does not infringe on the intellectual property rights of the software developers or violate the terms of the license.

Deployment has an impact on the choice of licenses. e.g. free-for-use machine learning packages, running on specific Nvidia chips. Nvidia license says you shouldn't develop on the software unless you run on Nvidia hardware.
SGX Confidential Computing Consortium (more a hardware issue)

Open source development on top of prioprietary codebase

Intersection With Open Source

When you contribute to an existing open source project, you need to be in compliance with the license of that project. This creates a further area for legal involvement, since at Level 2 of the OSMM we only considered licenses from the point of view of consumption.

Note: Some unusual open source licenses have expectations around warranty and liability or even providing on-going support for the work contributed.

Controls

All data and documentation within a bank must be given an information classification. E.g. public, confidential, etc.
Part of the Publication process should be to make sure that only public information is allowed to be contributed.
Integrate firm Identity and Access Management (IAM) with the Publication process.
Ensure the Publication process only allows contribution to firm-approved repositories.