License compliance: many Open Source licenses coexist in the software ecosystem. Before integrating a third-party piece of code, it is essential to ensure that your license complies with the intended distribution format. The risk here is essentially legal and financial;
Compliance / IP Team Open Source Software Checklist:
Since developers integrate these third-party components into the applications, it is important to make sure that the necessary thought-process and practices become natural when choosing a component:
- The license of the component must be compatible with the organization's policy
- Are there any known vulnerabilities for this component?
- Is this project still active? What is the date of the last release?
- How many contributors actively support the project?
- How many versions have been released over the last 12 months?
- For Github projects, it is always good to remember that one of the best practices is to integrate the code from an officially released version and not from the MASTER branch
