2 February 2022

Vulnerabilities in open source software have made headlines and caused security issues for many organizations. What should we be thinking about open source? How can we better manage it? How can these organizations do better next time?

Cybersecurity goes hand in hand with compliance, and compliance is often tied to reviewers or auditors. The task of auditors is to determine whether an organization meets the requirements of a given standard (a cybersecurity standard, since that is our theme). To accomplish this, they employ several types of verification activities, and these activities more often than not result in a request to prove that control X accomplishes what the standard requires.