G.3.x Support Upstream Dependencies

Control Details

Objective

Sustainable open-source software.

Definition

Organizations should be responsible consumers and sustainable contributors to the open-source projects on which they depend. Mechanisms may include donating, paying open-source developers, channeling funds to projects, fundraising for regular audits of critical projects, and having paid staff dedicated to upstream contributions.

Assessment Questions

  1. How do you support the projects providing your upstream dependencies?

Reference Sources