Source Code Control Limited

General information

Source Code Control specialises in building business processes to manage risks in open source software applications developed in-house or by third party suppliers. We help organisations who develop or modify software become responsible software organisations who can transparently demonstrate to their customers how they avoid passing on risk and keep customers protected.

Open source software code risk, although a technical problem, the risk created is a business risk with business implications.

WHAT WE DO: Source Code Control helps organisations leverage all the benefits of using Open Source Software to create applications while minimising risk such as Intellectual Property and security vulnerabilities. We want developers to be free to do what they do best and create and develop great software by creating processes to ensure IP and security vulnerabilities are not engineered into their solutions.

HOW WE DO IT: Rather than find vulnerabilities and IP issues after software is developed we create processes and Open Source policies that avoid issues being engineered in to software through the development cycle. We call this continuous compliance. We give full visibility to both business management and development to issues as they arise so there is full transparency across an organisation. We use agile principles in our service delivery, breaking down solutions into smaller task which are allocated across our team and their work is continuously integrated into the overall solution.

OUR STORY: Source Code Control Ltd takes the principles of Software Asset Management and apply them to the control of open source software components used by developers to build applications. The use of Open Source Software has accelerated in recent years driven by technologists but the business controls to manage risk have not kept pace. We have create the process and frameworks to implement these business controls and ensure companies make the most of all the benefits delivered by Open Source as both a development model and business model. We believe each component of Open Source Software used by developers should be treated as an asset.

WHAT MAKES US DIFFERENT: With over 25 years’ experience of providing business level risk management solutions to software risk issues. We focus BUSINESS RISK i.e.. addressing the business impact of risks and strategies to minimise these risks. I am an active member or such as TechUK (http://www.techuk.org/) and Open Source Consortium (http://www.opensourceconsortium.org/

SCENARIOS OUR SERVICES ARE USED

Venture Capital/Private Equity Funding Software Code Due Diligence

Any Technology organisation developing software leveraging Open Source Software components who need to demonstrate to clients, insurance companies, investors (VC, Private Equity) that software they develop is secure and have no IP issues which could impact use of the technology.
VC/Private Equity investors looking to invest in tech companies who need independent review of software for risks such as IP or security that could impact the return on any investment.

For more details visit Link...

Tech Company Cyber Insurance Risk Profiling

Any tech company developing software as part of their tech solution( Firmware in IoT, applications, portals) could have risk developed in. Most cyber strategies are to defend and react to attacks.

Most companies do not look at the risk in open source software components developers are using to build an application.

In a Cyber Compliance/assurance there should be a layer for looking at code if it is relevant to the organisation looking for insurance. We can produce a report with all the components of the applications how they are licensed (which can be another risk you may want to look at) and whether there are known security vulnerabilities.

IoT Software Supply Chain Risk Management Service

The use of software powered embedded devices is poised for massive growth over the next few years as medical devices, automotive and consumer electronics industries all embrace the Internet of Things (IoT). Not only will the fields embracing IoT be diverse, but also the devices themselves will be diverse, from everyday computers and tablets to sensors, light switches, thermostats and the infrastructure supporting them.

The IoT industry will rely on software to run a small army of embedded devices. In order for technology companies to meet the demand and pace of development much of the software used will rely on open source technologies, with the final software assembled from an even deeper universe of IoT code libraries and web-based protocols accessing a mesh of fast-evolving.

For more information visit link...

Removing Barriers to the Uptake of Open Source Software - Open Source Public Sector Procurement Service - "Software Custodian as a Service"

Public sector procurement organisations such as Crown Commercial Services in the UK are guiding public sector organisations to facilitate the procurement of open source software based solutions. However there is little or no guidance of how to negotiate contracts and measure the effectiveness of open source software solutions compared to proprietary solutions.

The "Custodian as a Service" is a combination of guidance and tookits that will educate public sector organisations of the commercial models of open source software suppliers and what metrics to include to evaluate these solutions. Wrapped around this service are a set of services to govern and independently validate the solutions.

The toolkit for procurement will provide guidance in contractual requirements when purchasing an open source software solution including:

Practical resources to help take the pain out of the decision making process
Support and maintenance terms
Security vulnerability management
SLAs for security patching
Transparency of what is in the source code
Open source software licensing and implications related to licensing
Training program for procurement managers
For more information visit link...

TYPES OF ORGANISATIONS WE SERVICE

Technology companies who need to understand if they have any business risk in software they are producing.

Technology/Cyber Insurance organisations who need to understand how well prospective customers are managing risk in their software.

Tech companies looking for VC funding who need to ensure their code is in order and ready for due diligence

VC/Investors looking to invest in tech companies and need to undertake due diligence of code for IP or security risks which may impact future returns.