Although open-source software (OSS) poses a number of risks, fund managers can take several steps to mitigate those risks. Managers should, for example, develop robust policies, procedures and controls regarding, among other things, the download and use of OSS, which may include the use of a committee to sign off on the introduction of new software. Additionally, managers should ensure they receive certain representations and warranties when dealing with software developers who integrate OSS into proprietary products. Finally, managers must conduct appropriate due diligence not only of OSS vendors, but of the software itself. This article, the third in a three-part series, evaluates actions fund managers can take to mitigate OSS risks, including policies, procedures and controls to adopt; ways to deal with third-party vendors; and due diligence. The first article discussed the basics of OSS, actions governments are taking to support it, relevant regulatory guidance and ways OSS is being used by fund managers. The second article analyzed the benefits of OSS, as well as the disadvantages and risks that it presents. For more on developing policies and procedures, see “A Checklist for Evaluating Employee Disciplinary Policies and Procedures of Private Fund Managers” (Mar. 22, 2018); and “Will Inadequate Policies and Procedures Be the Next Major Focus for SEC Enforcement Actions?” (Nov. 30, 2017).