Open Source Policy Builder
Effective and comprehensive open source policies are based on a thorough and unbiased organizational assessment. You can start building your organization's open source policy by answering the questions below, taken from industry best practices, to develop guidelines, shared understanding, and policies. Embrace the power of open source confidently and consistently.
Table of Contents

1) Usage Policy and Governance of Open Source Software (OSS)
2) OSS License Compliance
3) Acquisition and Provisioning of OSS
4) OSS in the Supply Chain
5) OSS Tracking and Management
6) Security and Maintenance
7) OSS Community Interaction
8) Training and Education
1) Usage Policy and Governance of Open Source Software (OSS)

This section answers the question, "How will we apply our OSS policy?" Will it be applied on a global or divisional basis; will it govern based on usage, product, or license; and will you require product reviews and business justification before use? All of these are important aspects of building your policy.

1. What is the scope of your company's OSS policy?
- Company-wide
- Divisional/line of business
- Department
- Product

2. Who owns the creation and maintenance of your OSS policy?
- Shared across groups
- A standards committee (e.g., an Open Source Review Board (OSRB))
- Open source compliance officer

3. Do OSS components have to be certified before they can be implemented or deployed? If so, who certifies, and what kinds of certification must be done?
- None, no certification needed
- Locally certified by owner or end user
- Formal certification by central IT staff
- External certification
- Commercial certification

4. If OSS components have to be certified before they can be implemented or deployed, when can OSS be deployed to production?
- Before certification is complete
- During the certification process
- After certification is complete and successful

5. Which open source software (OSS) licenses are approved for use in your company's products?
- All open source licenses
- OSI-approved licenses only
- All except reciprocal licenses
- Company-specified list
6. What business justification is required before approval is given for the use of OSS in your company's products?
- None needed
- Must meet engineering requirements that specify the use of OSS
- Must demonstrate business value (total cost of ownership versus functionally equivalent commercial software, return on investment, etc.)
- Must demonstrate why OSS was chosen over a commercial solution

7. Once the open source policy is established, what are the remediation requirements for existing products that incorporate OSS?
- None, grandfathered in
- Existing products with OSS must be inventoried (e.g., scanned, audited) within X days

8. Will OSS be distributed in your company's products?
- No, all use is internal
- No, but it will be used in customer-facing environments
- Yes, unmodified OSS will be distributed externally
- Yes, modified OSS will be distributed externally
- Yes, OSS will be integrated and distributed with proprietary IP

9. Can OSS distributed in your company's products be modified?
- No, it must be used in native form
- Can be modified with approval
- Can be modified in specified ways
- Can be modified in any way if not distributed
- Can be modified without restriction

10. Are source code and binary code scanning required of all software in a distributed product to avoid IP infringement?
- No
- Yes, source code and binary code must be fingerprinted upon initial acquisition only
- Yes, source code and binary code must be scanned periodically
- Yes, source code and binary code must be scanned prior to the company's product being commercially shipped
- Other:
2) OSS License Compliance

Perhaps one of the biggest concerns in the use of OSS today is license compliance. This section helps you answer the question of how your organization will handle the who, what, when, and how of OSS license compliance.

1. Who in your organization is responsible for understanding and ensuring compliance with the terms and conditions of OSS licenses?
- Legal
- Audit
- Engineering
- Individual developers
- IT management
- Open Source Review Board (OSRB)
- All of the above

2. What level in your organization is responsible for understanding and ensuring compliance with the terms and conditions of OSS licenses?
- Corporate officer
- Board of directors
- Company counsel

3. Where can your customers obtain source code for products purchased from your company for license compliance purposes?
- From the company via physical media through a fulfillment process
- From the company site
- From the Internet, any source (e.g., SourceForge, GitHub, Google Code, CodeProject, or other repositories)
- From a third-party supplier, e.g., Red Hat, IBM

4. What provisions (if any) are in place for dealing with software license conflicts?
- None
- Light: we are only concerned with product-level licenses and potential conflicts
- Robust: we have the requisite tooling and procedures to identify all licensed software within the product
3) Acquisition and Provisioning of OSS

OSS rarely goes through the well-established software procurement processes created by your organization. In many cases this does not pose an issue, but if no process exists, problems can occur down the road that significantly increase risk. This section answers the question of how you manage the procurement of OSS.

1. Who owns OSS that is brought into the company for the express purpose of use in company products? Who is responsible for the initial acquisition and lifecycle management of an OSS component?
- Individual developer
- Each OSS component has a named owner
- One person or central body/team, e.g., the OSRB

2. Who is authorized to bring in OSS that will be used in the company's products?
- Any employee
- Only authorized employee(s)
- Only the Open Source Review Board (OSRB)

3. How do company employees acquire OSS for use in company products?
- From the Internet, regardless of repository
- From the public repository at OpenLogic Exchange
- From an internal, centralized location governed by the OSRB

4. Who is responsible for initiating OSS acquisition?
- Individual developer
- Procurement/supply chain management
- Designated person or central body/team, e.g., the OSRB
- Requests are directed to the OSRB
4) OSS in the Supply Chain

If you use and distribute OSS in your commercial products, you are ultimately responsible for license compliance even if that OSS was contained in a component obtained from a supplier. For an example of why this is important, please see:

An often-overlooked component of OSS policies is how you will handle OSS that comes into your organization from the supply chain. This section helps you build that component of your policy.

1. What are the requirements for software delivered to your company from a supplier?
- None; it is the responsibility of the supplier to make sure they are adhering to any and all OSS or proprietary licenses
- The supplier must detail all software in their components, including the specific licenses under which the software is being made available
- The supplier must provide a contractual bill of materials that includes a detailed list of software, license(s), and test results from a code scan (e.g., OpenLogic)

2. How do your partners acquire OSS for use in your company's products?
- From the Internet, regardless of repository
- From the public repository at OpenLogic Exchange
- From an internal, centralized location governed by the partner's OSRB

3. What kind of indemnification must be provided by vendors who supply software to your company?
- None; software is provided as is
- Minimal; the terms of the license are sufficient
- Full indemnification

4. What are the minimum damages required when dealing with a vendor that supplies software to your organization?
- None (no damages; it is sufficient to cure the breach in an agreed-to timeframe)
- Partial (damages only for actual costs incurred by the company to address the breach)
- Full (damages cover all costs, including indirect costs such as loss of reputation)

5. What warranties must be obtained from vendors that supply software to your company (e.g., free replacement of code that infringes on IP)?
- None (no warranties)
- Bare bones; all software provided as is
- Vendor-supplied software includes/does not include OSS (simple yes/no)

6. Are vendors that supply software to your company required to run an OSS scan?
- No
- Only when vendors supply software that will be used in a product shipped to customers
- Only when using outsourcers (commercial off-the-shelf (COTS) software excluded)
- Always
7. Does your company distinguish between companies that supply OSS and companies that provide proprietary software?
- No
- Yes

5) OSS Tracking and Management

The heart of an OSS policy is how you plan to track the OSS used in your organization. This section helps you answer the question of how OSS is managed and tracked.

1. Who is responsible for maintaining inventory, usage, and other metadata related to OSS components, including licenses?
- Individual developer
- Company legal department
- Each OSS component has a named owner
- One central person or central body/team, e.g., the Open Source Review Board (OSRB)

2. How are OSS components/projects tracked within your company?
- No special project tracking of the repository
- Custom-built project tracking tool
- A vendor-provided tool (e.g., OpenLogic)

3. Where is OSS used in distributed company products housed?
- Developer responsibility
- Centrally managed repository
- Vendor-managed repository (e.g., OpenLogic)

6) Security and Maintenance

Tracking is just part of the solution in terms of managing OSS. Maintaining your OSS and ensuring you minimize associated security vulnerabilities and exposures is key to a successful OSS policy. This section answers the question of how you manage the security and maintenance of the OSS.

1. What level of technical support must be in place prior to implementing OSS in company products?
- Individual developer responsibility
- Provided by a formal internal team, development, or central IT
- Combination of internal and external providers
- Must have an SLA signed with a business partner
2. Who is responsible for overseeing the security of OSS components? Who will check whether the code contains vulnerabilities? Who is responsible for applying security patches?
- Individual end user
- One central person or central body/team, e.g., the Open Source Review Board (OSRB)
- Team to be named
- IT security staff

3. What kind of security/integrity review is required before OSS is procured?
- None
- Download from an OSRB-approved repository is sufficient
- MD5 checksum or other prevailing security verification method
- Virus scan with an up-to-date fingerprint library
- Complete source code scanning for security and integrity
- Manual review

4. What kind of security/integrity review is required before OSS is incorporated into your company's products?
- None
- Verified download from an OSRB-approved repository is sufficient
- Verified MD5 checksum (against an OSRB-registered MD5) or other prevailing security verification method
- Virus scan with an up-to-date fingerprint library
- Complete source code scanning for security and integrity
- Manual review

Note on the checksum options in questions 3 and 4: MD5 has had practical collision attacks since 2004, so a matching MD5 only shows that the download was not corrupted in transit, not that an attacker could not have substituted a different file with the same digest. A checksum published next to the artifact on the same server detects corruption only; it does not detect a compromise of that server. The current equivalent of this option is a SHA-256 (or stronger) digest registered by the OSRB out of band, or a release signature verified against the project's published signing key.

5. What kind of security/integrity review is required before shipping products that include OSS?
- None
- Company-conducted complete source code and binary code scanning for security and integrity
- Certified scan results provided by supply chain vendors that include OSS in the components they supply to the company
- Manual review

6. How will your company address project forking or abandonment of OSS used in company products? Are alternate vendors/suppliers available?
- Manage it when it happens
- Alternate vendors/suppliers are listed or identified prior to incorporating the software into company products
- Active written response plan

7. Is there a minimum technical standard that must be met for OSS to be brought into the company for use in distributed products?
- None; developers take all the responsibility and use it at their own risk
- Project must be considered stable on SourceForge/GitHub and/or the community must be considered stable (subject to approval by the OSRB)
- Must have significant widespread adoption as measured by downloads
- Must have a significant commercial base, e.g., MySQL's dual license
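The "verified checksum against an OSRB-registered digest" option in questions 3 and 4 of this section is the one step here that can be automated. The following is an added example, not part of the Rogue Wave questionnaire or of any OpenLogic tooling: it verifies an artifact against a registry entry, rejects entries that were registered with MD5 or SHA-1 rather than failing open on them, reports unregistered artifacts, and uses a constant-time comparison. The registry format, the package names and the artifact bytes are constructed for illustration.

```python
"""Verify downloaded OSS artifacts against OSRB-registered digests.

Added example (not from the original policy builder). The registry layout,
package names and artifact contents below are hypothetical.
"""
import hashlib
import hmac

# Digests the policy accepts. MD5 and SHA-1 are recognised so that legacy
# registry entries can be named in a report, but they are never used for
# verification: both have practical collision attacks, so an MD5 match is
# evidence of an intact download, not of an untampered one.
STRONG_ALGORITHMS = {"sha256", "sha384", "sha512"}
WEAK_ALGORITHMS = {"md5", "sha1"}

# Constructed sample artifact and a tampered variant of it.
SAMPLE_ARTIFACT = b"example-lib-1.2.3 release tarball contents (constructed sample)\n"
TAMPERED_ARTIFACT = SAMPLE_ARTIFACT.replace(b"1.2.3", b"1.2.4")

# Hypothetical OSRB registry. The digest for the legacy entry is the MD5 of
# the empty string; its value never matters because MD5 entries are refused.
REGISTRY = {
    "example-lib-1.2.3.tar.gz": {
        "algorithm": "sha256",
        "digest": hashlib.sha256(SAMPLE_ARTIFACT).hexdigest(),
    },
    "legacy-tool-0.9.tar.gz": {
        "algorithm": "md5",
        "digest": "d41d8cd98f00b204e9800998ecf8427e",
    },
}


def compute_digest(data: bytes, algorithm: str) -> str:
    """Hash the artifact in 64 KiB chunks (so large tarballs need not be
    held twice in memory) and return the lowercase hex digest."""
    h = hashlib.new(algorithm)
    view = memoryview(data)
    for offset in range(0, len(view), 65536):
        h.update(view[offset:offset + 65536])
    return h.hexdigest()


def verify_artifact(data: bytes, entry: dict) -> str:
    """Return one of 'ok', 'mismatch', 'weak-algorithm', 'unsupported-algorithm'.

    Weak and unknown algorithms are refused before any hashing happens, so a
    legacy MD5 entry cannot make a tampered file look verified."""
    algorithm = entry["algorithm"].lower()
    if algorithm in WEAK_ALGORITHMS:
        return "weak-algorithm"
    if algorithm not in STRONG_ALGORITHMS:
        return "unsupported-algorithm"
    actual = compute_digest(data, algorithm)
    expected = entry["digest"].lower()
    # Constant-time compare: the digests are not secret here, but using
    # compare_digest everywhere avoids a habit that does leak elsewhere.
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"


def check_registry(artifacts: dict, registry: dict) -> dict:
    """Verify every artifact by name; artifacts with no registry entry are
    reported as 'unregistered' instead of being skipped silently."""
    results = {}
    for name, data in artifacts.items():
        entry = registry.get(name)
        results[name] = "unregistered" if entry is None else verify_artifact(data, entry)
    return results


if __name__ == "__main__":
    report = check_registry(
        {
            "example-lib-1.2.3.tar.gz": SAMPLE_ARTIFACT,
            "legacy-tool-0.9.tar.gz": SAMPLE_ARTIFACT,
            "unknown-0.1.zip": b"not in the registry",
        },
        REGISTRY,
    )
    for name, status in report.items():
        print(f"{name}: {status}")
```

A build step would fail on anything other than "ok" for every artifact; the "weak-algorithm" status is what forces legacy MD5 entries to be re-registered with a strong digest rather than quietly trusted.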
7) OSS Community Interaction

Inevitably, as your developers use OSS, they will interact with OSS communities and groups. Whether it is to ask questions about packages they use or to become committers and contributors on OSS projects, it is important that you have a policy in place to protect your proprietary interests when using OSS and to protect the intellectual property created by your organization. This section answers the question of how to manage the interaction of your developers with the open source community.

1. Are contributions to open source projects allowed?
- No
- Yes, but only indirectly via a proxy (e.g., a supplier)
- Yes, with a valid business need and/or approval from management or the Open Source Review Board (OSRB)
- Yes, but only on employees' own time
- Yes, but employees must use non-corporate addresses for interacting with the community
- Yes, no restrictions

2. When can an employee make a contribution to an OSS project if it is not related to company business?
- Never; this is a possible violation of employment contracts
- Always, without attribution to the company name, on the employee's personal time, and with no requirement to inform the company of such activity

3. When can employees communicate with OSS communities (with company attribution)?
- Never
- When business need dictates, subject to approval/oversight of the OSRB along with the company communications department
- Freely, for any reason, subject to employment guidelines

4. Are employees allowed to speak publicly about your organization's use of OSS in products?
- No
- Yes, with prior management approval
- Yes, on specified approved topics
- Yes, under any circumstances
8) Training and Education

OSS training is becoming more important as companies use more OSS. Not only do you need to communicate and train employees on your internal policies, it is also a very good idea to educate your people on the risks associated with OSS. This section answers the question of how and what training is required around OSS.

1. What type of OSS training will you deploy in your organization?
- None
- Basic OSS 101: create general awareness and education on OSS issues and risks
- OSS education and policies: general awareness and education on internal policies for compliance purposes
- Specialized by group: different training for different groups (developers, project managers, compliance managers, legal, partners, etc.)

2. Who will be required to take OSS training?
- No one
- Only designated groups that use or interact with OSS
- Partners
- All employees

3. Who will develop the training?
- In-house
- Outsourced
Rogue Wave provides software development tools for mission-critical applications. Our trusted solutions address the growing complexity of building great software and accelerate the value gained from code across the enterprise. Rogue Wave's portfolio of complementary, cross-platform tools helps developers quickly build applications for strategic software initiatives. With Rogue Wave, customers improve software quality and ensure code integrity while shortening development cycle times.

Copyright 2014 Rogue Wave Software. All Rights Reserved.
More informationWhitepaper. Security Best Practices for Evaluating Google Apps Marketplace Applications. Introduction. At a Glance
Whitepaper Security Best Practices for Evaluating Google Apps Marketplace Applications At a Glance Intended Audience: Security Officers CIOs of large enterprises evaluating Google Apps Marketplace applications
More informationContract management's effect on in house counsel
IBM Software Industry Solutions Industry/Product Identifier Contract management's effect on in house counsel Impacting contract visibility, analysis and compliance Emptoris Contract Management Solutions
More informationGet what s right for your business. Contact @lliance Technologies.
Provisioning Looking for new technology? You need systems in line with your business goals. You also need those systems to interact seamlessly. We can help you get the right technology to the right place
More informationFree and Open-Source Software Diligence in Mergers, Acquisitions, and Investments
Free and Open-Source Software Diligence in Mergers, Acquisitions, and Investments Andrew J. Hall Fenwick & West LLP April 16, 2013 Linux Foundation Collaboration Summit Presentation Topics Introduction
More informationCA Oblicore Guarantee for Managed Service Providers
PRODUCT SHEET CA Oblicore Guarantee for Managed Service Providers CA Oblicore Guarantee for Managed Service Providers Value proposition CA Oblicore Guarantee is designed to automate, activate and accelerate
More informationContract and Vendor Management Guide
Contents 1. Guidelines for managing contracts and vendors... 2 1.1. Purpose and scope... 2 1.2. Introduction... 2 2. Contract and Vendor Management 2.1. Levels of management/segmentation... 3 2.2. Supplier
More informationLANDesk Management Suite 8, v8.1 Creating Custom Vulnerabilities
LANDesk Management Suite 8, v8.1 Creating Custom Vulnerabilities Revision 1.0 Rex Moffitt May 26, 2004 Information in this document is provided in connection with LANDesk Software products. No license,
More informationLCM IT Asset Management
LCM IT Asset Management Management Summary Version 1.0 (16.03.2011) Table of Contents 1 LCM IT Asset Management... 3 1.1 License master data... 4 1.2 Management of IT-relevant contractual relationships,
More informationBest Practices of Securing Your Software Intellectual Property Integrity...
January 31, 2005. Best Practices of Securing Your Software Intellectual Property Integrity.......... Palamida, Inc. 612 Howard Street, Suite 100 San Francisco, CA 94105 info@palamida.com 415-777-9400 www.palamida.com
More informationA Best Practice Guide
A Best Practice Guide Contents Introduction [2] The Benefits of Implementing a Privacy Management Programme [3] Developing a Comprehensive Privacy Management Programme [3] Part A Baseline Fundamentals
More informationIMPLEMENTATION DETAILS
Policy: Title: Status: 1. Introduction ISP-I11 Software License Regulations Approved Information Security Policy Documentation IMPLEMENTATION DETAILS 1.1. The Software Management Policy (ISP-S13) makes
More informationAssurance in Service-Oriented Environments
Assurance in Service-Oriented Environments Soumya Simanta Research, Technology, and System Solutions (RTSS) Program Software Engineering Institute Carnegie Mellon University Pittsburgh 15232 28 th October,
More informationHow Can I Better Manage My Software Assets And Mitigate The Risk Of Compliance Audits?
SOLUTION BRIEF CA SERVICE MANAGEMENT - SOFTWARE ASSET MANAGEMENT How Can I Better Manage My Software Assets And Mitigate The Risk Of Compliance Audits? SOLUTION BRIEF CA DATABASE MANAGEMENT FOR DB2 FOR
More informationIBM Managed Security Services (Cloud Computing) hosted mobile device security management
IBM Managed Security Services (Cloud Computing) hosted mobile device security management Z125-8855-00 11-2011 Page 1 of 15 Table of Contents 1. Scope of Services... 3 2. Definitions... 3 3. Services...
More informationCITY OF WAUKESHA HUMAN RESOURCES POLICY/PROCEDURE POLICY B-20 SOFTWARE USAGE AND STANDARDIZATION
CITY OF WAUKESHA HUMAN RESOURCES POLICY/PROCEDURE POLICY B-20 SOFTWARE USAGE AND STANDARDIZATION 1.0 Purpose and Scope of Policy It is the policy of the City of Waukesha (City) to respect all computer
More informationIT Risk Management: Guide to Software Risk Assessments and Audits
IT Risk Management: Guide to Software Risk Assessments and Audits Contents Overview... 3 Executive Summary... 3 Software: Today s Biggest Security Risk... 4 How Software Risk Enters the Enterprise... 5
More informationComplete Patch Management
Complete Patch Management Targeted, Reliable and Cost-efficient Brief Secunia CSI Corporate Software Inspector Empower your organisation to take control of the vulnerability threat & optimize your ITsecurity
More informationHP Change Configuration and Release Management (CCRM) Solution
HP Change Configuration and Release Management (CCRM) Solution HP Service Manager, HP Release Control, and HP Universal CMDB For the Windows Operating System Software Version: 9.30 Concept Guide Document
More informationDUE DILIGENCE Designing and Implementing a Three-Step Cybersecurity Framework for Assessing and Vetting Third Parties (Part One of Two)
DUE DILIGENCE Designing and Implementing a Three-Step Cybersecurity Framework for Assessing and Vetting Third Parties (Part One of Two) By Amy Terry Sheehan Vendors and other third parties are vital to
More informationSharePoint Governance & Security: Where to Start
WHITE PAPER SharePoint Governance & Security: Where to Start 82% The percentage of organizations using SharePoint for sensitive content. AIIM 2012 By 2016, 20 percent of CIOs in regulated industries will
More informationIntroduction to OVAL: A new language to determine the presence of software vulnerabilities
Introduction to OVAL: A new language to determine the presence of software vulnerabilities Matthew Wojcik / Tiffany Bergeron / Robert Roberge November 2003 The MITRE Corporation Table of Contents Introduction
More informationReducing Cost and Risk Through Software Asset Management
RESEARCH SUMMARY NOVEMBER 2013 Reducing Cost and Risk Through Software Asset Management A survey conducted by CA Technologies among delegate attendees at the 2013 Gartner IT Financial, Procurement & Asset
More informationCCH INCORPORATED, A WOLTERSKLUWER COMPANY ACCESS AGREEMENT FOR THE
CCH INCORPORATED, A WOLTERSKLUWER COMPANY ACCESS AGREEMENT FOR THE Accounting Research Manager INFORMATION DATABASE PROVIDED THROUGH Mayer Hoffman McCann P.C. ("AGREEMENT" OR "ACCESS AGREEMENT") IN THIS
More informationYour Open Source Investment Know. Manage. Protect.
Using open source software provides a compelling business case, but if companies violate the software s licenses, the consequences can be more severe than they think. Open Source Risk Management s services
More informationNeXUS REPOSITORY managers
PRODUCT OVERVIEW NeXUS REPOSITORY managers Nexus OSS, Nexus Pro and Nexus Pro+ Nexus repository managers help organizations build better software, faster. Like a supply chain, applications are built by
More informationData Management Policies. Sage ERP Online
Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...
More informationIBM Tivoli Asset Management for IT
Cost-effectively manage the entire life cycle of your IT assets IBM Highlights Help control the costs of IT assets with a single product installation that tracks and manages hardware, software and related
More informationHow To Manage A Vulnerability Management Program
VULNERABILITY MANAGEMENT A White Paper Presented by: MindPoint Group, LLC 8078 Edinburgh Drive Springfield, VA 22153 (o) 703.636.2033 (f) 866.761.7457 www.mindpointgroup.com blog.mindpointgroup.com SBA
More informationMASTER SERVICES AGREEMENT - DIGITAL ADVERTISING SERVICES
MASTER SERVICES AGREEMENT - DIGITAL ADVERTISING SERVICES MASTER SERVICES AGREEMENT This Master Services Agreement (the Agreement ) shall govern the provision of services to the undersigned client (the
More informationIT ASSET MANAGEMENT SELECTED BEST PRACTICES. Sherry Irwin
IT ASSET MANAGEMENT SELECTED BEST PRACTICES Sherry Irwin IT ASSET MANAGEMENT SELECTED BEST PRACTICES By Sherry Irwin INTRODUCTION As the discipline of IT asset management (ITAM) began to evolve in the
More informationTHIRD PARTY. T i m L i e t z R e g i o n a l P r a c t i c e L e a d e r R i s k A d v i s o r y S e r v i c e s
MANAGING THIRD PARTY RISK T i m L i e t z R e g i o n a l P r a c t i c e L e a d e r R i s k A d v i s o r y S e r v i c e s Experis -- a different kind of talent company. Experis Tuesday, January 08,
More informationCloud Computing: Contracting and Compliance Issues for In-House Counsel
International In-house Counsel Journal Vol. 6, No. 23, Spring 2013, 1 Cloud Computing: Contracting and Compliance Issues for In-House Counsel SHAHAB AHMED Director Legal and Corporate Affairs, Microsoft,
More informationFrom Private to Hybrid Clouds through Consistency and Portability
Extending IT Governance From Private to Hybrid Clouds through Consistency and Portability Gordon Haff 2 Executive summary 3 beyond information security 3 from private to public and back again 4 consistency
More informationProductivity Through Open Source Policy Compliance
Productivity Through Open Source Policy Compliance This article is part of a series on how Rational Collaborative Lifecycle Management (CLM) solutions support software development compliance. Today the
More information