Skip to main content

9 docs tagged with "Dependency Risk"

View All Tags

Risks

Dependency Risk

Software dependency risk refers to the potential negative consequences of relying on external software components that can compromise the security, performance, quality or functionality of an organization's software systems.

Roles

Open Source Program Office

The Open Source Program Office (OSPO) is responsible for the overall management and direction of an organization's open source program.

Activities

Making The Case For Contribution

Organisational change can be very hard to achieve since organisations are naturally protective of themselves and the status quo. Setting up an OSPO and beginning an open source journey will seem like a risky and dangerous proposition for many parts of an organisation.

Open Source Supply Chain Security

In this article we are going to look at the growing issue of software supply chain attacks via some examples and then look at the emerging field of open source supply chain security: what it is, current best practices, the institutional landscape and emerging legislation.

Software Inventory

Software inventory is a precondition to most of the activities involved in OSMM level 2. The first step to licence compliance or supply chain security is to understand what software is in your estate.

Training

Artifacts

Artifact Repository

For a financial services firm, the importance of hosting an artifact repository manager such as JFrog Artifactory or Sonatype's Nexus inside the firm's firewall cannot be overstated.

Repositories

Article covering source and artifact repositories.