Read this white paper to learn about the FS-ISAC guidelines for assessing the risk of open source software components, regardless of their source:

  • Apply policies at the point where open source is consumed and across the SDLC
  • Use controlled internal repositories to provision open source components
  • Create a Bill of Materials as a common reference for the open source libraries and components used in application development
Appropriate Software Security Control Types for Third Party Service and Product Providers