Open Source Software: PwC supports businesses with Managed Services
22 December, 2021
Companies are currently in the midst of a digitization process. They are not only optimising their products, services as well as the entire product development cycle, but also the organisation as a whole and the working environment. In this context, Open Source Software and its development paradigm plays an important role as the enabler of technologies:
Open Source Software functions as a viable sourcing model in a time when development capacities are dwindling and a new, modern corporate culture of “Share & Collaborate to Survive” is becoming indispensable.
Our expert for questions
Marcel Scholze
Director for Open Source Software Services at PwC Germany
Tel: +49 69 9585-1746
Email
Scalable solutions for open source software management that add value
Whether as components and dependencies in software development, operating systems or data bases, for single applications or platforms: Open Source Software is already being used extensively in almost every company. However, many businesses fail in realizing all of the benefits of Open Source Software as well as in reducing the inherent risks. The reasons for this include a lack of know-how, capacity, and technology.
PwC offers Managed Services for Open Source Software and takes over the necessary, scalable, and tailored management tasks for strategic OSS enablement, compliance and security management, SBOM creation, and supplier OSS compliance management.
Our team of trained professionals supports you in achieving more effective and efficient outcomes with applications, tools, and operating systems from Open Source Software. In doing so, we rely on the latest advancements in technology and processes.
Shifting OSS compliance and security operations to PwC increases your ability to focus on accelerating your organization’s strategic priorities.
Today’s Open Source management is challenged with:
Navigating a complex legal environment
Proactively managing internal or external risks of Open Source Software across the business.
Addressing ongoing cost pressures
Accessing existing know-how and tooling immediately instead of building it up from scratch and making significant investments.
Keeping pace with advancements in technology
Leveraging the availability of tooling and required expertise for professional compliance management of Open Source Software.
Increase agility at scale
Accessing a variable workforce, developers and flexible technology, supporting your dynamic business needs when and where you need it.
Our offer in the area of Managed Services for Open Source Software
- Code Scanning & SBOM Creation
- Suppliers SBOM Verification
- OSS Process & Compliance Training
- Supplier OSS Compliance Audits
- OSPO as a Service
Code Scanning & SBOM Creation
Reduce the need for internal resources, knowledge and tools for code scanning and achieve professional and compliant SBOMs for your products and solutions.
- Usage of PwC OSS compliance tooling (or operation of your toolchain) to scan your source code regarding OSS compliance and security aspects
- Clean-up and curation of identified components
- Clarification and remediation of identified issues, if any
- Provision of complete Software Bill of Materials (SBOM) for your software in defined data formats, e.g. SPDX 2.2.1 / ISO 5962
Suppliers SBOM Verification
Using your suppliers' SBOMs can drastically reduce the internal effort required to check incoming code. We check the correctness and completeness of your suppliers' SBOMs so you can trust them.
- Reviewing SBOMs that you receive from your suppliers
- Verify the correctness of information, completeness and validity per gathered background information and professional judgement
- Where possible, perform detailed review and check of SBOM in cooperation with supplier through code review on supplier side
- Report, discuss, and clarify identified issues and cases of doubt
- Rate and categorize results of review and suggest according further measures, where applicable
OSS Process & Compliance Training
Benefit from first-hand experience of industry experts through OSS Process and Compliance Trainings tailored to your employees’ specific needs.
- Design and align training program
- Perform target group-specific training from new hire up until senior staff per virtual sessions, web-based trainings, and on-site where possible
- Integration in annual compliance assessments including learning success control and its documentation
Supplier OSS Compliance Audits
Knowing your suppliers’ OSS Compliance Management maturity is key to reduce internal efforts and avoid double checking external code and compliance artefacts.
- Assessment of your suppliers’ OSS Compliance Management practices
- Audit as per individually designed OSS compliance audit program or per ISO 5230 requirements
- Spot checks of SBOM and OSS compliance artefacts
- Live and transparent dashboarding of progress and issues identified, if any
- Generate trust in your Software Supply Chain through trusted channels
OSPO as a Service
Access to cutting-edge OSS industry knowledge on Open Source programs can be your answer to the war of talent and the lack of in-house expertise and capacity.
- First point of contact for all questions regarding OSS compliance management
- Support the whole lifecycle of products and services to stay OSS compliant
- Ad-hoc support for OSS tooling, OSS component, OSS license, OSS integration questions, OSS security
- Check of use case, risk triggers as per use case and according license compliance considerations
“By handing over the necessary compliance and security tasks for Open Source Software to PwC, you can fully direct your capacities to value-adding product and software development practices.”
Follow us
Contact us
Director Open Source Software Services & IT Sourcing, PwC Germany
Tel: +49 151 16157049
