The OpenSSF End Users Working Group wants end users of open-source software to pay more attention to how responsibly they consume that software. To this end, it has now presented the Open Source Consumption Manifesto (OSCM).
With the manifesto, OpenSSF wants to make end users of open-source software more conscious of how they use it. The underlying idea is that this should further improve the use of open source in development projects.
In the OSCM, the working group sets out fifteen so-called “guiding principles” for the use of open-source software in companies. Above all, the manifesto is meant to encourage more effective and deliberate use of the software.
Important items include a good awareness of the security, code quality and licensing of the open source being consumed. Not all open-source projects are equal in this respect: they are not always well maintained, may not meet certain security standards and may therefore carry risk for the organizations that depend on them.
Constant monitoring
Important for this, the manifesto indicates, is the continuous monitoring of the various open-source software (OSS) components in use. These should be linked to data and behavioural feeds (for example vulnerability and maintenance signals) so that real-time decisions can be made on whether or not to allow a given component.
Ultimate vendor selection
To accomplish all of this, the manifesto continues, companies and organizations must first rank the applications they use. They must then list the OSS those applications contain, based on software bills of materials (SBOMs), and identify the vendors or projects behind each component.
Ultimately, from this inventory they must make a final selection of the vendors that supply the most efficient and secure open source.