What security outcome are suppliers and consumers of open-source software seeking and why? #7
Unanswered
sevansdell asked this question in Q&A
Replies: 0 comments
Does this capture the high-level security outcome suppliers and consumers of open-source software seek?
"As a supplier and consumer of Open Source Software (OSS), I want to ensure the OSS I use is licensed and secure over its lifecycle so that I can quickly and efficiently provide automated evidence to (and answer questions from) stakeholders regarding my products and services containing OSS".
Please see the following references: for how we define the supplier and consumer persona.
If you think the high-level security outcome should be different, how would you reword it, and why?
This question is part of a special interest group in OpenSSF called the "Security Toolbelt". We are a part of the Best Practices Working Group, supported by the OpenSSF Technical Advisory Council (TAC).