
Open Source Risks

This section of the OSBOK breaks down the different types of risk that enterprises face when consuming or contributing to open source software.

The Risks

Legal Risk

Legal risk refers to the potential for an organization to face legal consequences and financial or reputational harm as a result of its actions or decisions that violate laws and regulations.

Tags: Legal Risk, Legal (Role)

Codebase Risk

A large codebase slows development and reduces developer effectiveness because its complexity has to be managed. All else being equal, the larger a codebase, the more bugs and vulnerabilities it will tend to contain, and the more code there is to review, test and maintain.

Tags: Developer (Role), CIO/CTO (Role)

Dependency Risk

Software dependency risk refers to the potential negative consequences of relying on external software components, whose defects, abandonment, licensing changes or compromise can undermine the security, performance, or functionality of an organization's software systems.

Tags: Dependency Risk, Developer (Role)

Staff Risk

Staff risk refers to the potential for negative consequences arising from the actions or decisions of employees, such as fraud, data breaches, or compliance violations, as well as from the loss of key people who hold knowledge of a project.

Tags: HR/Training (Role), CIO/CTO (Role)