todogroup / osposurvey

Open Source Programs (OSPO) Survey
https://todogroup.org
Creative Commons Attribution Share Alike 4.0 International

Add question about formal monitoring of cross-org dependencies #85

Closed sstruble closed 3 years ago

sstruble commented 3 years ago

Somewhere in Part 2: Does your company monitor cross-organizational open source dependencies?

This could also be turned into another line item in Part 1/Question 3, although I think it would be interesting to ask this separately as a more operationally focused question.

LawrenceHecht commented 3 years ago

How are they monitoring it? Do they think it is important?

LawrenceHecht commented 3 years ago

Decided not to include because this goes deep into SCA and SBOM capabilities and governance requirements.