AppDefects
Community Champion

Managing Open Source Vulnerabilities

Calling all commercial software developers! How does your organization manage Open Source libraries/components in your builds? Do you have a centralized repository to manage your "inventory"? What is your organization's policy for vulnerability remediation? Is it the same as for commercial software?

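The inventory and remediation-policy questions in the post above, as an added example that is not part of the original thread: a small Python script that takes a constructed SBOM-style component list, matches it against a constructed advisory list, and assigns each finding a fix-by date from a severity-based SLA table. The package names, advisory ids (CONSTRUCTED-000x), SLA values, function names and the "introduced <= version < fixed_in" range rule are all assumptions made for this illustration, not real packages, real advisories, or any product's API.

```python
"""Added example, not code from the original thread: a minimal open-source
inventory check with a severity-based remediation deadline.

Everything below is constructed for illustration. The component names,
advisory ids, SLA table and range semantics are assumptions, not real
packages, real advisories, or any tool's API.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List


@dataclass(frozen=True)
class Component:
    """One entry in the build's dependency inventory (SBOM-style)."""
    name: str
    version: str
    ecosystem: str  # e.g. "pypi", "npm", "maven"


@dataclass(frozen=True)
class Advisory:
    """A constructed advisory: affected if introduced <= version < fixed_in."""
    advisory_id: str
    name: str
    ecosystem: str
    introduced: str
    fixed_in: str
    severity: str  # "critical" | "high" | "medium" | "low"
    published: date


@dataclass(frozen=True)
class Finding:
    component: Component
    advisory: Advisory
    due: date  # fix-by date derived from the SLA table


# Remediation policy (assumption): days allowed from publication, by severity.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}

# Constructed sample inventory (placeholder names, not real packages).
INVENTORY = [
    Component("example-http", "1.4.2", "pypi"),
    Component("example-json", "3.0.0", "pypi"),
    Component("example-logger", "2.2.0", "npm"),
]

# Constructed sample advisories (placeholder ids, not real vulnerabilities).
ADVISORIES = [
    Advisory("CONSTRUCTED-0001", "example-http", "pypi", "1.0.0", "1.4.3", "high", date(2024, 1, 10)),
    Advisory("CONSTRUCTED-0002", "example-json", "pypi", "2.5.0", "3.0.0", "critical", date(2024, 1, 3)),
    Advisory("CONSTRUCTED-0003", "example-logger", "npm", "0", "2.3.0", "medium", date(2024, 2, 1)),
]


def parse_version(v: str) -> tuple:
    """Split a dotted version into a tuple of ints for ordering.
    Non-digit characters in a segment are dropped (good enough for the
    sample data; real tooling must apply each ecosystem's version rules)."""
    out = []
    for piece in v.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        out.append(int(digits) if digits else 0)
    return tuple(out)


def is_affected(component: Component, adv: Advisory) -> bool:
    """True when the component matches the advisory's name/ecosystem and its
    version lies in [introduced, fixed_in). A version equal to fixed_in is
    already patched and is not reported."""
    if component.name.lower() != adv.name.lower() or component.ecosystem != adv.ecosystem:
        return False
    v = parse_version(component.version)
    return parse_version(adv.introduced) <= v < parse_version(adv.fixed_in)


def find_findings(inventory: List[Component], advisories: List[Advisory]) -> List[Finding]:
    """Cross the inventory with the advisory list and attach a fix-by date,
    earliest deadline first."""
    findings = []
    for comp in inventory:
        for adv in advisories:
            if is_affected(comp, adv):
                due = adv.published + timedelta(days=SLA_DAYS[adv.severity])
                findings.append(Finding(comp, adv, due))
    return sorted(findings, key=lambda f: f.due)


def overdue(findings: List[Finding], today_iso: str) -> List[Finding]:
    """Findings whose fix-by date has passed as of today_iso (YYYY-MM-DD)."""
    today = date.fromisoformat(today_iso)
    return [f for f in findings if f.due < today]


if __name__ == "__main__":
    for f in find_findings(INVENTORY, ADVISORIES):
        print(f"{f.advisory.advisory_id}: {f.component.ecosystem}/{f.component.name} "
              f"{f.component.version} ({f.advisory.severity}) fix by {f.due.isoformat()}")
```

A real pipeline would replace the constructed `INVENTORY` with a generated SBOM and `ADVISORIES` with a vulnerability feed, but the policy step stays the same: every match gets a deadline tied to severity, and anything past its deadline is a build-blocking finding rather than a backlog item.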
2 Replies
cclements
Newcomer II

My organization is in the process of developing our open-source policies. We are looking for guidance from organizations such as NIST and CSF, but there seems to be scant little out there. This doesn't answer your question aside from saying that we're working on it. #open source

Caute_cautim
Community Champion

@AppDefects If you were a partner of my organisation, you would have access to the resources you have requested. Unfortunately, I am prohibited from sharing unless I obtain special permission to do so; this is corporate policy.

However, as you can imagine, we have deep knowledge of Open Source as a developer over many years.

There is some guidance here: https://www.ibm.com/opensource/enterprise/

Here is our history: https://www.ibm.com/opensource/story/

You may find some links and articles there which may be of use to you and others.

Check out this as well: https://openssf.org/

Also check out these guides: https://openssf.org/resources/guides/

Regards

Caute_Cautim