The use of FOSS by financial institutions does not pose risks that are fundamentally different from those presented by the use of proprietary or self-developed software. However, FOSS adoption and usage necessitates some distinctive risk management practices with which institutions must be familiar. This guidance describes those unique risk management practices and should be used in conjunction…