Open Source Artifacts
This section of the OSBOK describes common artifacts either consumed or produced when managing open source software within the enterprise. Artifacts may be machine- or process-generated (such as an SBOM) or the result of human effort (such as an Open Source Strategy).
The Artifacts
Open Source Policy
An open source policy is a set of guidelines that outlines how an organization will consume, contribute to, and create open source software. It defines the rules that govern the use, distribution, and licensing of open source software within the organization. It establishes processes for evaluating open source software, managing the risks associated with its use, and ensuring compliance with legal and ethical requirements.
Open Source Strategy
THIS IS A PLACEHOLDER
Common Vulnerabilities and Exposures (CVEs)
CVEs (Common Vulnerabilities and Exposures) are standardized identifiers for publicly known cybersecurity vulnerabilities, which may be leveraged in exploits. The MITRE Corporation manages the CVE program, which receives funding from the U.S. Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA).
Data Loss Prevention Software
This article looks at Data Loss Prevention (DLP) software commonly used in financial organisations and how it affects open source consumption and contribution. It is not a complete reference for the subject of DLP generally, but should act as a starting point for understanding the issues involved.
Intellectual Property
This article discusses the main types of intellectual property and their application to open source within financial services.
Software Bill of Materials (SBOM)
An SBOM, or Software Bill of Materials, is a list of all the components, libraries, and dependencies used in a software project, along with their associated version numbers and license information. There are two different SBOM formats:
Reference FOSS Policy
This is content originally from the FINOS Reference FOSS Policy Project, which has not been updated recently. Feel free to suggest edits.
Open Source Program Office (OSPO)
This article talks about the Open Source Program Office (OSPO) organisational structure and its value.
Open Source Review Board (OSRB)
TBD: what is one.
Software Licenses
This article provides some basic framing around the purpose of licenses within open source.
CLAs and DCOs
This article explains the concept of the Contributor License Agreement (CLA) and Developer Certificate of Origin (DCO) and the practical implications of these for organisations consuming and contributing to open source.