“We are responsible for the open source we use, how we consume it, and how we manage the risk associated with that consumption,” states the new Open Source Consumption Manifesto (OSCM) drafted by the Open Source Security Foundation (OpenSSF).
The OpenSSF has released the manifesto in an effort to establish guiding principles and solidify best practices for secure and responsible open source software consumption.
To that end, the group seeks to:
- Prioritize secure consumption of open source components.
- Be aware and considerate of the developer experience.
- Build upon iterative policy-based foundations and best practices.
The manifesto calls on development organizations to adopt 12 additional guidelines, including:
- Accept open source software consumption as critical to building a secure software supply chain.
- Recognize potential risks associated with open source consumption, including vulnerabilities, malicious software, and component choice.
- Establish an open source consumption policy and regularly test against tolerance for risk, impact on development teams, and other goals.
The OpenSSF welcomes feedback on this “living document” and invites you to sign the manifesto by adding your name and submitting a pull request.
Read more at OpenSSF.