As with just about any software product these days, SimpleRisk did not write 100% of the code included in the product.  Over the years, we have used a variety of third-party software to provide features and functionality for our user base.  In 2019, we performed a full audit of all third-party source code that has been included in the product and verified that we are in compliance with all known licenses for the included software.  Below is the Bill of Materials (BOM), produced from that effort, which outlines each of these software packages and the licensing that was found for them.  If you are the developer, maintainer, or licensor for any of these packages and believe that this information is in error, we'd ask that you please submit a support ticket to address your concerns.


SimpleRisk Bill of Materials (BOM)


SimpleRisk Core: This is the free and open source offering from SimpleRisk that also forms the basis for both our on-prem and hosted offerings.  It is licensed under the Mozilla Public License (MPL) 2.0.


PHP Libraries Included in the SimpleRisk Core

  • HighchartsPHP: Licensed under the GNU General Public License (Version 3, 29 June 2007).

  • PHPMailer: Licensed under the GNU Lesser General Public License (Version 2.1, February 1999).

  • CSRF-Magic (http://csrf.htmlpurifier.org/): Licensed under the BSD 2-Clause "Simplified" License.

  • Epiphany: Custom copyright notice and license located under simplerisk/includes/epiphany/LICENSE.

  • Zend Escaper: Custom copyright notice and license located under simplerisk/includes/Component_ZendEscaper/LICENSE.md.


JavaScript Libraries Included in the SimpleRisk Core


Control Frameworks Included in the SimpleRisk Core

  • CIS Critical Security Controls: Verified with CIS that it can be included in SimpleRisk.

  • HIPAA (April 2016): Unsure of license status.

  • NIST 800-171: Publication is free of charge.

  • PCI DSS 3.2: Unsure of license status.


SimpleRisk Extras: These are the paid-for plug and play additions to the SimpleRisk Core.  These may be individually licensed or purchased as a package.  Terms and conditions vary by customer as well as deployment scenario.


PHP Libraries Included in SimpleRisk Extras


Control Frameworks Included in SimpleRisk Extras