In my recent blog, 'Financial Services Organizations have Open Eyes on Open Source', I shared how Sonatype's company mission aligns with the recent FS-ISAC guidelines put out by the third-party software security working group. In short, open source security can't be an afterthought. Security isn't only the responsibility of 'security professionals'; it is a shared responsibility for all parties involved in developing or managing an organization's software supply chain. As the FS-ISAC guidelines put it, "the most appropriate type of control for addressing the security vulnerabilities in open source, including older versions of the open source, is one that addresses vulnerabilities before the code is deployed—i.e. by applying policy controls in the acquisition and use of open source libraries by developers."