# Open Source usage

General rules for any open source code usage:

  • Open Source Software (OSS) must come from a trusted source (the project’s official repositories), and its releases must be cryptographically signed; the signature (or the published checksum) must be verified before the software is used, so that its integrity is actually confirmed rather than assumed.

  • Choose projects that are regularly updated and maintained by an active community, so that reported security vulnerabilities are fixed promptly.

  • The software’s license, and the licenses of its dependencies, must be compatible with the organization’s licensing requirements and legal obligations.

  • The introduction of OSS must be submitted to and approved through the change management process (POL-8 Change Management Policy).

  • Its integration must follow the development and release process (POL-82 Software Development Lifecycle Policy).

  • The code and its dependencies must be kept up to date, regularly scanned for known vulnerabilities, and patched accordingly.

  • Security reports and policy assessments of open source software are included in the application vulnerability scans.