Security: a sharp vision of the versions of the Open Source components present in your code base makes possible to protect against known vulnerabilities (CVE) and weaknesses (CWE);
Security Team Open Source Software Checklist:
Since developers integrate these third-party components into the applications, it is important to make sure that the necessary thought-process and practices become natural when choosing a component:
- The license of the component must be compatible with the organization's policy
- Are there any known vulnerabilities for this component?
- Is this project still active? What is the date of the last release?
- How many contributors actively support the project?
- How many versions have been released over the last 12 months?
- For Github projects, it is always good to remember that one of the best practices is to integrate the code from an officially released version and not from the MASTER branch.
