Open Source Software (OSS) has many benefits, but in recent years we've seen an increase in the number of attacks on applications through their OSS dependencies. I present five principles to help you use OSS safely, as well as a collection of tools to help you apply these principles in your own software supply chain. I put a special emphasis on automation, because the weakest part of even the most secure system is the humans that operate it.
32. Academic Free License · Affero General Public License · Apache License · Apple Public Source License · Artistic License · Beerware · BSD License · Boost Software License · Creative Commons Zero · CC-BY · CC-BY-SA · CeCILL · Common Development and Distribution License · Common Public License · Cryptix General License · Eclipse Public License · Educational Community License · European Union Public Licence · GNU Affero General Public License · GNU General Public License · GNU Lesser General Public License · IBM Public License · ISC license · LaTeX Project Public License · Microsoft Public License · MIT license / X11 license · Mozilla Public License · Netscape Public License · Open Software License · OpenSSL license · Python Software Foundation License · Q Public License · Sleepycat License · Unlicense · W3C Software Notice and License · Do What The F**k You Want To Public License · XCore Open Source License · XFree86 1.1 License · zlib/libpng license