concept

supply chain risk management

Facts (11)

Sources
Open source software best practices and supply chain risk ... - GOV.UK (gov.uk, Department for Science, Innovation and Technology, Mar 3, 2025) - 7 facts

claim: The authors of the Open Source Software (OSS) best practices and supply chain risk management publication offered a £100 charitable donation on behalf of each interviewee to incentivize participation.

procedure: The authors of the Open Source Software (OSS) best practices and supply chain risk management publication selected standards based on four criteria: scope and detail (coverage of OSS needs), relevance (industry adoption), adaptability (suitability for organizations of different sizes), and comprehensiveness (coverage of topics from licensing to security).

claim: The authors of the Open Source Software (OSS) best practices and supply chain risk management publication used open-ended questions during interviews to encourage detailed responses and insights.

procedure: The authors of the Open Source Software (OSS) best practices and supply chain risk management publication secured consent from interviewees and recorded the interviews for data analysis.

procedure: The authors of the Open Source Software (OSS) best practices and supply chain risk management publication recruited interviewees by connecting with members of public technology-focused forums (Sheffield Digital, techlondon, and Berlin Techs), searching LinkedIn using keywords like "open-source", "OSS", and "OSS management", contacting authors of open-source articles or blog posts, and utilizing personal networks.

measurement: The authors of the Open Source Software (OSS) best practices and supply chain risk management publication conducted eight interviews with developers, project managers, DevOps developers, and C-suite level executives.

claim: The authors of the Open Source Software (OSS) best practices and supply chain risk management publication focused interviews on experiences with OSS, specifically approaches to adopting new OSS, managing OSS projects, and engaging with OSS communities.
bureado/awesome-software-supply-chain-security - GitHub (github.com, GitHub) - 3 facts

reference: NIST SP 800-53 Rev. 5, Security and Privacy Controls for Information Systems and Organizations, includes a Supply Chain Risk Management section.

claim: Supply chain risk management practices include reproducible builds, hermetic builds, bootstrappable builds, special considerations for CI/CD systems, and best practices for building artifacts such as OCI containers.

reference: NIST SP 800-161 Rev. 1 provides guidance on supply chain risk management.
[PDF] Open Source Software Best Practices and Supply Chain Risk ... (assets.publishing.service.gov.uk, GOV.UK, Mar 4, 2024) - 1 fact

claim: The report titled 'Open Source Software Best Practices and Supply Chain Risk Management' aims to map and evaluate existing best practices for managing and mitigating risks related to open-source software.