Under a corporate point of view, free and open source software can offer material improvements such as costs reduction, flexibility and customization of services and thus let the company be able to adapt to new market trends and strengthen its business continuity.
On the other hand, however, open source software may have some disadvantages, e.g. lack of technical assistance, uncertainty about the legal liability framework and vulnerability to cyber-attacks.
Since the community is free to modify OSS, its developments are also unpredictable and such a changing and unforeseeable scenario may imply some hurdles to smoothly perform a forward-looking risk assessment within the governance and management of corporate tools.
The complexity of the cybersecurity risk-assessment for open source software may threaten managers’ and supervisors’ liability since they are responsible for the implementation of adequate governance tools and cybersecurity models.