Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Improvement] Adding Security and/or Risk staff to supply-chain-education-leaflet-version-2-2024 #77

Open
winterrocks opened this issue May 31, 2024 · 0 comments
Open

[Improvement] Adding Security and/or Risk staff to supply-chain-education-leaflet-version-2-2024 #77

winterrocks opened this issue May 31, 2024 · 0 comments

Comments

@winterrocks
Copy link

Add Security and/or Risk stuff to "Let’s learn the basics of open source" section

Security personnel need to know the specificities of OSS security, e.g. known vulnerabilities, CVSS, is the vulnerability exploitable in the current setup, etc.
Risk personnel on the other hand need to know for example how deprecated or unsupported components increase the risks and what kind of mitigation strategies there are. Another risk factor could be a small number of contributors, the OSS project not having good security practices, etc.

Security and/or Risk personnel roles to be added to Different roles in a company have different responsibilities for open source compliance section too.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@winterrocks