Open Source Software - Exploring the Risk (Good Practice Guide 38)
This guidance seeks to assist a range of IA professionals in exploring the risks associated with the use of Open Source Software (OSS) products. It does so by prompting a number of ‘whole lifecycle’ issues and questions which potential users should ask themselves when making software choices, not just of OSS, but also of proprietary products. This is because there are no ‘right’ or ‘wrong’ answers when it comes to the security of OSS versus that of proprietary (typically closed source code) products. There are good and bad examples of each in this respect and no one type is inherently more, or less, secure than the other.
This guidance supports the Government ICT Strategy objective of creating a level playing field for open source software solutions. It does not evaluate, recommend or otherwise offer judgement on the following:
Specific OSS products;
Savings in running costs that an organisation may realise by the adoption of OSS over proprietary products;
The legal risks that may arise, for example from issues concerning copyright, intellectual property, or infringement of licences.
This guidance was reviewed by the National Standards Assurance Board in January 2021 and was deemed to still provide relevant information.
Open Source Software - Exploring the Risk (Good Practice Guide 38)_1.1.pdf