Good Component Practice is one of the most overlooked silver bullets in the Open Source arsenal. We have found that, because of business pressure, companies are willing to risk using unverified open source components, trading off security for enhanced speed in development.
The Good Component Practice community site is a place where we can work together to track risks in open source components while creating a documented process for Good Component Practices. We are vendor-agnostic and will be pooling resources and commentary from all corners of the open source movement, including developers, IT Pros, CISOs and creators of open source components.
Our intention is to update the site daily. If you find something of interest and would like to comment on it, we would very much appreciate your input and contributions to the site.