GOV.UK
Facts (14)
Source: Open source software best practices and supply chain risk ... - GOV.UK (gov.uk, Mar 3, 2025), 14 facts
perspective: The authors of the GOV.UK publication recommend that organisations actively engage with the Open Source Software (OSS) community to realise various benefits.
account: The research for the GOV.UK publication included semi-structured interviews with 8 individuals from public sector organisations, micro-enterprises, and large corporations, covering roles such as lead developers, chief technical officers, heads of development, directors, and project managers.
claim: The GOV.UK report recommends that organisations leverage tooling to automate the management of open source software components in order to reduce time and resource pressures, particularly for smaller organisations.
perspective: The authors of the GOV.UK report found that there is no distinct 'open-source' culture, but rather a collaborative and innovative culture that is conducive to using open-source software.
account: Interviews conducted by the authors of the GOV.UK publication revealed that the majority of interviewed organisations do not actively contribute back to the Open Source Software (OSS) community.
reference: The authors of the GOV.UK report on open-source software best practices identified four main takeaways from their literature review and expert interviews: Broad yet Evolving Guidance, Lack of Industry-Specific Best Practices, Lack of Scale-Appropriate Best Practices, and Disagreements and Diversity in Approaches.
claim: Interviews conducted for the GOV.UK publication found that hosting events is not widely used in practice by organisations, despite it being a recommended best practice.
claim: The authors of the GOV.UK report on open source software best practices identified two significant gaps in the current landscape: a lack of industry-specific and scale-appropriate best practices, and disagreements regarding approaches to managing open source software.
perspective: The authors of the GOV.UK report believe that their recommended best practices will reduce the risk of using open source software, improve the quality of components, and enhance the security of the software supply chain for organisations of all sizes.
procedure: The GOV.UK report recommends that organisations manage open source software by: (1) establishing an internal open source software policy, (2) creating a Software Bill of Materials (SBOM), (3) continuously monitoring the software supply chain, and (4) promoting engagement with the open source software community.
account: The authors of the GOV.UK report observed a disconnect between the academic literature on best practices and the actual practices of organisations, ranging from small startups with single-figure employee counts to larger entities with eight-figure valuations, noting a discernible absence of formalised processes.
claim: Interviews conducted for the GOV.UK publication revealed that very few organisations contribute to the open-source community, and those that do contribute only in a limited capacity.
perspective: The authors of the GOV.UK report argue that the current landscape of open-source software best practices fails to reflect real-world usage and requires more research into risk management approaches tailored to organisational size.
procedure: The research methodology for the GOV.UK report on OSS best practices included a literature review of academic papers, best practices, case studies, and industry standards, together with interviews with field experts.