Definitive Guide Series
Open-Source Component Best Practices: If you use open-source components in your apps, that means you have risk. Even the most cautious consumers are vulnerable to attacks. We …

Lost on Open Source Licenses in Los Angeles
April 5, 2022 / April 19, 2022
Dear Sloan, I was told that an open source license for one of my OSS components that I am using in a …

Cybersecurity and SBOMs – I’m Stumped in Seattle
March 2, 2022 / June 8, 2022
Dear Sloan, What’s an SBOM? Is it part of cybersecurity? I hear people at work talking about this, and I’m afraid to …

Open Source Software: To be, or Not to be Free?
February 22, 2022 / April 26, 2022
Dear Sloan, I’m an experienced project manager, who recently took a job in technology. Coming from the healthcare industry, I …

Two Stages of Your Relationship with Components
Pre- and Post-Consumption: Before we begin, it’s important to acknowledge that there are two stages in your relationship to open-source components. The first …

Baselining Your Component Usage
Risk: Let’s talk about risk. You’re probably reading this guide to find out how to remove some, if not all, of the risk from your product. …

What is Component Security Risk?
What is Security Risk? When you think about risk from open source components, security risks are probably what come to mind. Security risks are flaws …

What is Component License Risk?
What is License Risk? A component is open source when its author(s) distribute it with an open-source license attached. Open-source licenses place restrictions on the …

What is Component Quality Risk?
Just as someone would scrutinize the qualities of a restaurant or their kids’ new friends, organizations should be very discerning when selecting open source components. …

What are Transitive Dependencies?
Open source components typically are not operational on their own. They often include and depend on the functionality of other open source components in order to …