Read this white paper to learn about the FS-ISAC guidelines for assessing the risk of open source software components, regardless of their source:
- Apply policies at the point of open source consumption and across the SDLC
- Use controlled internal repositories to provision open source components
- Create a Bill of Materials as a common reference for the open source libraries and components used in application development