Understanding Open Source Supply Chain | Dirk Hohndel
Modern software is assembled from many components that come from open source projects: libraries, frameworks, toolkits, or entire applications. Just as a car maker knows the origin of every part that goes into its cars, a company building software products and services needs a complete inventory, a bill of materials (BOM, or SBOM for software), of the code it ships. Understanding the open source supply chain is essential. But why does it matter? What are the risks when a company does not know what code is flowing through its products and services? And how can the software supply chain be tracked?
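One concrete way to start answering the last question is to generate the inventory from the lockfiles a build already produces. The following is an added example, not code from the TFiR page or from Dirk Hohndel: it reads a constructed npm `package-lock.json` and a constructed pip `requirements.txt`, emits a minimal CycloneDX-style component list with package URLs (purl), and flags the components the inventory cannot tie to an exact artifact, either because the version is a range rather than a pin or because no content hash was recorded. The lockfile contents and hash values are constructed placeholders; the `build_sbom` field layout follows CycloneDX naming but is an assumption of this example, not a complete implementation of the spec.

```python
"""Build a minimal SBOM from dependency lockfiles and flag unverifiable entries.

Added example (not from the original page). Lockfile contents below are
constructed; the integrity/hash values are placeholders, not real digests.
"""
import json
import re

# Constructed npm lockfile (lockfileVersion 2 layout: "packages" keyed by path).
NPM_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 2,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/lodash": {
            "version": "4.17.21",
            "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
            "integrity": "sha512-" + "A" * 86 + "==",  # placeholder SRI value
        },
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
            # no "integrity": nothing records which exact tarball was installed
        },
    },
})

# Constructed pip requirements: one pinned, one pinned with a hash, one range.
REQUIREMENTS_TXT = """\
requests==2.31.0
urllib3==2.0.7 --hash=sha256:""" + "0" * 64 + """
pyyaml>=6.0
"""

# name, optional comparison operator, optional version, then the rest of the line
REQ_LINE = re.compile(
    r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|>=|<=|~=|!=|<|>)?\s*([^\s;]+)?(.*)$"
)


def npm_components(lock_text):
    """One component per installed npm package; hashes come from 'integrity'."""
    lock = json.loads(lock_text)
    comps = []
    for path, meta in lock.get("packages", {}).items():
        if path == "":
            continue  # the root project itself, not a dependency
        name = path.rsplit("node_modules/", 1)[-1]  # keeps scoped names intact
        version = meta.get("version")
        comps.append({
            "type": "library",
            "name": name,
            "version": version,
            # purl encodes the '@' of a scoped package as %40
            "purl": f"pkg:npm/{name.replace('@', '%40')}@{version}",
            "hashes": [meta["integrity"]] if "integrity" in meta else [],
        })
    return comps


def pip_components(req_text):
    """One component per requirement line; only '==' counts as a pinned version."""
    comps = []
    for raw in req_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue  # blank, comment, or a pip option such as -r / --index-url
        m = REQ_LINE.match(line)
        if not m:
            continue
        name, op, ver, rest = m.groups()
        pinned = op == "=="
        norm = name.lower()
        comps.append({
            "type": "library",
            "name": norm,
            "version": ver if pinned else None,  # a range is not a version
            "purl": f"pkg:pypi/{norm}@{ver}" if pinned else f"pkg:pypi/{norm}",
            "hashes": re.findall(r"--hash=(\S+)", rest),
        })
    return comps


def build_sbom(components, project="demo-app"):
    """Wrap components in a minimal CycloneDX-style document (field names only)."""
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.5",
        "metadata": {"component": {"type": "application", "name": project}},
        "components": components,
    }


def unverifiable(components):
    """Names of components not tied to an exact artifact: unpinned or hash-less."""
    return sorted(c["name"] for c in components
                  if c["version"] is None or not c["hashes"])


if __name__ == "__main__":
    comps = npm_components(NPM_LOCK) + pip_components(REQUIREMENTS_TXT)
    print(json.dumps(build_sbom(comps), indent=2))
    print("cannot be verified against an exact artifact:", unverifiable(comps))
```

The point of the `unverifiable` check is that a name and a version range are an inventory entry, not a supply-chain control: without a pinned version and a recorded digest, nothing in the BOM proves that the artifact in the build is the one the entry describes.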
by TFiR