procedure
To manage open-source software risk, organizations should: (1) Establish an internal open-source software policy to manage the adoption of components, (2) Create a Software Bill of Materials (SBOM) to track components and their dependencies, and (3) Continuously monitor the software supply chain using a software composition analysis (SCA) tool to identify vulnerabilities and licensing issues.
Authors
Sources
- Open source software best practices and supply chain risk ... - GOV.UK www.gov.uk
Referenced by nodes (2)
- Software Bill of Materials (SBOM) concept
- software composition analysis concept