# Cyber security

> "It should not require an expert to make the system secure, it should require an expert to make it insecure."

{% tabs %}
{% tab title="✅ Checklist:" %} <mark style="color:yellow;">Ordered from high value-add, high priority to high value-add, lesser priority,</mark> a GOOD project should check all these boxes!
{% endtab %}

{% tab title="Read me!" %} <mark style="color:yellow;">Checklist:</mark>

* [ ] Has a Data Protection Impact Assessment been conducted?
* [ ] Are the security features audited and assured by a third party assessing authority?
* [ ] Are risks and mitigations documented?
* [ ] Are backup, redundancy, continuity and recovery procedures documented?
* [ ] Does the project proactively utilise security and privacy best practices resources? If yes, which resources?
* [ ] Does the project identify, document, mitigate, and manage security and privacy risks, including for downstream and upstream software dependencies (supply chain)?

{% endtab %}
{% endtabs %}

{% tabs %}
{% tab title="🚀 Next Steps" %}

#### <mark style="color:yellow;">What can you do to make your open source solution more secure?</mark>

{% endtab %}

{% tab title="Do This!" %}
If you want to learn more about open source risk and how to mitigate it, here are some steps you can take:

1. Read the annual "[Open Source Security and Risk Analysis](https://www.synopsys.com/software-integrity/resources/analyst-reports/open-source-security-risk-analysis.html)" (OSSRA) report to understand the current state of open source vulnerabilities and risks.
2. Research [open source risk management organisations](https://www.synopsys.com/software-integrity/open-source-software-audit.html) and consulting firms that can provide guidance and tools for identifying and addressing open source risks in your own organisation.
3. Look for articles, blogs, and webinars online that offer [tips and best practices for managing open source risk](https://www.synopsys.com/blogs/software-security/category/open-source-and-software-supply-chain-risks/).
4. [Get in touch with experts in the field of open source risk management](https://www.synopsys.com/software-integrity/contact-sales.html), to get personalised advice and guidance tailored to your organisation's specific needs.
5. Consider implementing [automated solutions for open source management and security](https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html), to help you detect and resolve vulnerabilities, and to stay compliant with open source licenses.

By taking these steps, you can learn more about open source risk and take the necessary steps to mitigate it, ensuring the security and compliance of your organisation's software.
{% endtab %}
{% endtabs %}

{% hint style="info" %}
📌 Remember! <mark style="color:yellow;">Secure installation best practices should be a requirement</mark> instead of just bare-minimum technical documentation to get the software running.

🔴 Even secure software can be made insecure by a bad installation.
{% endhint %}
