[Improvement] Adding Security and/or Risk staff to supply-chain-education-leaflet-version-2-2024

## **Add Security and/or Risk stuff to "[Let’s learn the basics of open source](https://github.com/OpenChain-Project/Reference-Material/blob/master/Education-For-Suppliers/Supplier-Education-Leaflet/supply-chain-education-leaflet-version-2-2024/supply-chain-education-leaflet-version-2_en.md#lets-learn-the-basics-of-open-source)" section**
Security personnel need to know the specificities of OSS security, e.g. known vulnerabilities, CVSS, is the vulnerability exploitable in the current setup, etc. 
Risk personnel on the other hand need to know for example how deprecated or unsupported components increase the risks and what kind of mitigation strategies there are. Another risk factor could be a small number of contributors, the OSS project not having good security practices, etc. 

Security and/or Risk personnel roles to be added to [Different roles in a company have different responsibilities for open source compliance](https://github.com/OpenChain-Project/Reference-Material/blob/master/Education-For-Suppliers/Supplier-Education-Leaflet/supply-chain-education-leaflet-version-2-2024/supply-chain-education-leaflet-version-2_en.md#different-roles-in-a-company-have-different-responsibilities-for-open-source-compliance) section too. 


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Improvement] Adding Security and/or Risk staff to supply-chain-education-leaflet-version-2-2024 #77

Add Security and/or Risk stuff to "Let’s learn the basics of open source" section

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Improvement] Adding Security and/or Risk staff to supply-chain-education-leaflet-version-2-2024 #77

Description

Add Security and/or Risk stuff to "Let’s learn the basics of open source" section

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions