Reply to post:

I got 257 problems, and they're all open source: Report shines light on Wild West of software


The bogeyman of the hoarders of personal data, GDPR, also reared its head. Black Duck noted that responsibility for compliance lies not only with auditing one's own code and processes, but also ensuring that any open source in use is also compliant.

So best to just use closed source software and then any non-compliance issues aren't your problem?

Or is it actually more a case that even with closed source software you are responsible for ensuring it's compliant, even though you have no access to the code? Given everything I have heard about GDPR I would be shocked if using closed source software absolved an organisation from liability, as that is going to be far too easy to abuse. (All our software is sold to us in binary form by Subsidiary Software Inc, so we can't be liable. Oh, their EULA disclaims all liability so they can't be liable either.)

This whole question gets even more scary with things like CPU hardware compromises: Who is liable if the Intel Management Engine gets compromised and used to find and exfiltrate protected data?
