Open source governance and compliance (pool project)

Project name: Open source governance and compliance in software supply chains
Short name: To be determined
Summary: Almost all software products today incorporate third-party components, whether proprietary or open source. These components are acquired from a vendor’s software supply chain. The vendor needs to manage this supply chain to avoid unwanted surprises from the use of open source software in these components. We are developing and applying a process template and best practices handbook (theory building and validation) for managing software supply chains.
Duration: 2016-10-01 – open-ended
Sponsors: Industry partner who wants to remain anonymous