https://community.isc2.org/t5/Tech-Talk/Managing-Open-Source-Vulnerabilities/m-p/61709#M4023 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/887781263">@AppDefects</a>&nbsp;&nbsp; If you were a partner of my organisation, you would have access to the resources you have requested.&nbsp; Unfortunately, I am prohibited from sharing, unless I obtain special permission to do so, this is by corporate policy.</P><P>&nbsp;</P><P>However, as you can imagine we have a deep depth of knowledge in Open Source as a developer over many years.&nbsp;&nbsp;</P><P>&nbsp;</P><P>There is some guidance here:&nbsp; <A href="https://www.ibm.com/opensource/enterprise/" target="_blank" rel="noopener">https://www.ibm.com/opensource/enterprise/</A></P><P>&nbsp;</P><P>Here is our history:&nbsp; <A href="https://www.ibm.com/opensource/story/" target="_blank" rel="noopener">https://www.ibm.com/opensource/story/</A></P><P>&nbsp;</P><P>You may find some links, articles which may be of use to you and others.</P><P>&nbsp;</P><P>Check out this as well:&nbsp; <A href="https://openssf.org/" target="_blank" rel="noopener">https://openssf.org/</A></P><P>&nbsp;</P><P>Also check out these guides too:&nbsp; <A href="https://openssf.org/resources/guides/" target="_blank">https://openssf.org/resources/guides/</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 15 Aug 2023 21:33:07 GMT Caute_cautim 2023-08-15T21:33:07Z https://community.isc2.org/t5/Tech-Talk/Managing-Open-Source-Vulnerabilities/m-p/32909#M2358 <P>Calling all commercial software developers! How does your organization manage Open Source libraries/components in your builds? Do you have a centralized repository to manage your "inventory"? What is your organizations policy for vulnerability remediation? Is it the same as commercial software?</P> Mon, 09 Oct 2023 09:26:21 GMT https://community.isc2.org/t5/Tech-Talk/Managing-Open-Source-Vulnerabilities/m-p/32909#M2358 AppDefects 2023-10-09T09:26:21Z https://community.isc2.org/t5/Tech-Talk/Managing-Open-Source-Vulnerabilities/m-p/61691#M4021 <P>My organization is in the process of developing our open-source policies.&nbsp; &nbsp;We are looking for guidance from organizations such as NIST and CSF but there seems to be scant little out there.&nbsp; &nbsp;This doesn't answer your question aside from saying that we're working on it. #open source</P> Tue, 15 Aug 2023 13:22:39 GMT https://community.isc2.org/t5/Tech-Talk/Managing-Open-Source-Vulnerabilities/m-p/61691#M4021 cclements 2023-08-15T13:22:39Z https://community.isc2.org/t5/Tech-Talk/Managing-Open-Source-Vulnerabilities/m-p/61709#M4023 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/887781263">@AppDefects</a>&nbsp;&nbsp; If you were a partner of my organisation, you would have access to the resources you have requested.&nbsp; Unfortunately, I am prohibited from sharing, unless I obtain special permission to do so, this is by corporate policy.</P><P>&nbsp;</P><P>However, as you can imagine we have a deep depth of knowledge in Open Source as a developer over many years.&nbsp;&nbsp;</P><P>&nbsp;</P><P>There is some guidance here:&nbsp; <A href="https://www.ibm.com/opensource/enterprise/" target="_blank" rel="noopener">https://www.ibm.com/opensource/enterprise/</A></P><P>&nbsp;</P><P>Here is our history:&nbsp; <A href="https://www.ibm.com/opensource/story/" target="_blank" rel="noopener">https://www.ibm.com/opensource/story/</A></P><P>&nbsp;</P><P>You may find some links, articles which may be of use to you and others.</P><P>&nbsp;</P><P>Check out this as well:&nbsp; <A href="https://openssf.org/" target="_blank" rel="noopener">https://openssf.org/</A></P><P>&nbsp;</P><P>Also check out these guides too:&nbsp; <A href="https://openssf.org/resources/guides/" target="_blank">https://openssf.org/resources/guides/</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 15 Aug 2023 21:33:07 GMT https://community.isc2.org/t5/Tech-Talk/Managing-Open-Source-Vulnerabilities/m-p/61709#M4023 Caute_cautim 2023-08-15T21:33:07Z