What we discussed
On 2022-04-04 Prawo.pl examined cybersecurity, the Polish Financial Supervision Authority (KNF) and open-source software. The topic mattered to businesses because such regulations shape not only the wording of legal documents, but also the design of sales, payments, security and customer-communication processes. The discussion focused on the practical consequences of implementation and the risks arising from an overly narrow or overly formal reading of the rules. The outlet asked Tomasz Klecor to comment on the subject of the publication.
What we emphasised
- Software used commercially requires analysis of licences, origin and technological dependencies. The risk can stem from open-source as well as commercial or geopolitically sensitive components.
- A lack of awareness of where tools come from is a real compliance issue. Small applications, plugins, libraries and frameworks can be installed without central oversight, including within regulated entities.
- A technology audit should cover code, contracts and decision-making processes. A developer's bare declaration is not enough if an investor or client later discovers a licence breach or a vulnerability in the supply chain.