Maintain an inventory of components The most important open-source management practice that organizations should have is an inventory of which open-source components are used, and where, Mackey said. That's particularly important because of the way many organizations obtain their open-source components, Korren said. "Very few organizations use open source directly from GitHub. A lot of them are getting a copy of the project and putting it into an internal code repository. " —Tsvi Korren Teams need to go into their internal code repositories and understand whether something was written from scratch or their developers incorporated an open-source project, Korren added. Mackey advised that when taking inventory, teams should reach beyond open-source software.