Tag
ospo
Safeguard articles tagged "ospo" — guides, analysis, and best practices for software supply chain and application security.
3 articles
Open Source Security
Building an OSPO security governance model for license and vulnerability risk
77% of large organizations now run an OSPO, and 91% say it owns security issues — but most still track license and CVE risk in separate spreadsheets.
Jul 15, 20266 min read
Industry Analysis
Corporate OSS Contribution Policies
Google, Microsoft, Red Hat, and a long tail of smaller companies have built contribution policies that shape how their engineers participate in open source. The policies vary more than most assume.
Apr 22, 20247 min read
Governance
Open Source Governance: Building an Enterprise Framework
Ad-hoc open source usage creates legal, security, and operational risk. This guide walks through building a governance framework that enables developers while managing risk.
Jun 28, 20227 min read