This repository provides a policy template set that organization's can use for establishing security requirements for releasing software publicly as free and open source software.
The policy set includes a main policy template that can be used internally as well as templates that can be used as part of your per-project governance and documentation. The policy document is not exhaustive and may not fit your organization's specific needs. It should be used as a starting point, reviewed and approved by the appropriate people within your organization. It is generally technology and platform agnostic.
The policy template covers outbound open source concerns, and does not address using existing open source within an organization (inbound open source).
The content in this repository is released under the Creative Common's CC0 1.0 Universal (CC0 1.0) Public Domain Dedication license. There are no implied or explicit warranties for this content, and it is provided as-is and as-available.
The policy template set is focused on information security needs; your organization should establish policies for general outbound open source governance as well.
This template may not cover all necessary use cases for your organization and should not be considered final or fit for any specific purpose.
The statements contained herein should not be construed as legal advice, please consult a lawyer to ensure compliance with any applicable laws or standards.