We bundle some software libraries that are credited to an "unknown organization".  https://nexus.magnolia-cms.com/service/local/repositories/magnolia.enterprise.snapshots/archive/info/magnolia/eebundle/magnolia-enterprise-pro-demo-webapp/6.0-SNAPSHOT/magnolia-enterprise-pro-demo-webapp-6.0-20181112.124029-551.war/!/NOTICE.txt

Issue and risk: Magnolia clients need to ensure that the software they use is compliant with the client's policies, for example that all software is open source (OSS). If we don't provide license and ownership information to support such checks then there might be room for "infringement", say an artifact has no OSS-compatible license.

In the NOTICE.txt file we provide license information for all software libraries, so we are OK, but the creator organization is missing for some. It is good practice to fill the organization too, but not critical.