Managing and mitigating OSS risks
Operational risk from OSS can be managed and mitigated by an experienced partner, such as GE Digital Grid Software. We offer the right technical capabilities, thorough documentation and developer support, so that utilities can feel confident deploying Digital Energy solutions that include OSS.
Our OSS Security strategy embodies OSS best practices. To start, our Digital Energy product build pipelines only pull from a secured, internal repository in which the OSS being used is vetted. Our criteria for OSS usage are based on industry standards such as ISO/IEC 20243 Open Trusted Technology Provider Standard (O-TTPS) and the Linux Foundation’s Core Infrastructure Initiative’s Best Practices.
We look proactively for policy violations and investigate before proceeding with usage. Additionally, OSS code is scanned on a nightly basis for new vulnerabilities. Our continuous post-release scanning also helps us keep up with any newly published issues that would prompt a Digital Energy product update.
GE Digital is also investing time and effort into interoperability. We don’t want one Digital Energy product using OSS A.5 while another uses OSS A.2 – they should both use the same, patched version – A.5 if that’s the latest. For those utilities using multiple Digital Energy products, this hopefully translates to fewer components and versions to track for risk.
Finally, some utilities have expressed concerns over where they turn to get “break/fix” support for OSS components included in a GE Digital Energy solution. That’s simple – we support the solution we sell and the software therein, whether it’s GE Digital proprietary code or OSS.