New control type now requiring bill of materials to assess risk of open source software components
Read this white paper to learn about FS-ISAC guidelines to assess risk of open source software components regardless of the source:
- Apply policies at the point of open source consumption and across the SDLC
- Use controlled internal repositories to provision open source components
- Create a bill of materials as a common reference for the open source libraries and components used in application development

"The controls applied to the consumption of open source are less expensive to implement than fixing defects after they are deployed in production throughout the application portfolio for the financial institution."
- Financial Services | Information Sharing & Analysis Center (FS-ISAC)