Like most modern software, we rely on the contributions of the open source community to build Dovetail. We are also supporters of many open source projects that we use, both financially and through code contributions.
We also understand that our software supply chain is integral to protecting customer data and that our customers may want more information about our use of open source software. We have described the measures we take as it relates to open source software to ensure appropriate use and to reduce the risks of open source software.
We ensure that any open source code that we use is licensed under an appropriate license where it can be utilized and distributed within our services. These licenses include but are not limited to:
We do not publicly provide attribution notices for all open source code used unless required by the license. We do use any open source code licensed under GPL.
We utilize a number of different mechanisms for detecting public vulnerabilities in open source software based on the development ecosystem.