procedure
The US Department of Defense (2022) recommends that organizations select open source software components that demonstrate six specific security and maintenance best practices: active use of detection tools in integration pipelines, transparent vulnerability reporting processes, a history of security reviews, regular cybersecurity testing (including third-party audits), a commitment to issue resolution, and a track record of timely vulnerability remediation.
Sources
- Open source software best practices and supply chain risk ... - GOV.UK (www.gov.uk)