Tag Archives: security and licensing risk

Part 2: The Internet of Everything: Code, Cars, and More


July 24, 2014 By Wayne Jackson
Bill of Materials

In part one of my blog, It’s Just the Way Software is Made, I discussed the realities of how software is made, the birth of agile development, and the advent of component-based software development. Today, we will drive down the software supply chain to understand where your software is really coming from. I’ll also discuss why it’s important for us to instill high quality standards and governance policies in our “parts” ecosystem.


An Open Discussion on Open Source Review Boards


March 17, 2014 By Derek Weeks
Bruce Mayhew on Open Source Review Boards

The recent FS-ISAC whitepaper, “Appropriate Software Security Control Types for Third Party Service and Product Providers”, reveals the majority of internal software applications created by financial services involve acquiring open source components and libraries to augment custom-developed software. While open source code is freely available and reviewed by many independent developers, that review effort does not translate into all software components and libraries being free from risk.
