[Inside FOSSA] FOSSA Joins Forces with New Relic in the Secure Developer Alliance. FOSSA is excited to announce that it is partnering with New Relic and other security and observability leaders in the Secure Developer Alliance.
[Open Source Vulnerability Management] What's New in CycloneDX 1.6? CycloneDX 1.6, the newest version of the popular bill of materials specification, was released this week.
[Open Source Vulnerability Management] CVE-2024-3094: New Vulnerability Impacts XZ Utils. Learn about the XZ Utils backdoor (CVE-2024-3094), including how it was discovered, why it is rated critical, and how to mitigate it.
[Open Source Vulnerability Management] SBOM Formats Explained and Compared. Learn about the similarities and differences between popular SBOM (software bill of materials) formats such as CycloneDX and SPDX.
[Inside FOSSA] Enhancing Risk Observability with FOSSA's Issue Overview Dashboard. Get the full view of security, licensing, and quality risks across your organization — and understand the impact of remediation efforts — with FOSSA's Issue Overview Dashboard.
[Inside FOSSA] Beyond Vulnerabilities: Understanding Package Health with FOSSA Quality. FOSSA Quality provides visibility into the real health of your open source components and lets you set policies and enforce rules around those signals.
[Open Source Vulnerability Management] Complying with the FDA's SBOM Requirements. The FDA now requires medical device manufacturers to submit an SBOM (software bill of materials) as part of the premarket review process.
[Inside FOSSA] Enable Global Visibility and Swift Remediation with Package Index. Package Index offers comprehensive visibility into your software supply chain, making it much easier to find a specific package or vulnerability.
[Open Source in the News] 4 Takeaways from the ESF's OSS and SBOM Management Recommendations. A new publication from the Enduring Security Framework (ESF) working group includes recommendations to help organizations manage SBOMs and OSS-related risks.
[Inside FOSSA] Reduce Alert Fatigue with FOSSA's Auto-Ignore Rules. Explore the recently launched auto-ignore feature, which streamlines issue resolution across multiple projects and package versions.
[Open Source Vulnerability Management] Terrapin (CVE-2023-48795): New Attack Impacts the SSH Protocol. The recently announced Terrapin attack (CVE-2023-48795) impacts the SSH protocol itself, not a single implementation. Here's what you need to know about the vulnerability.
[Open Source Vulnerability Management] Understanding and Using the EPSS Scoring System. EPSS (Exploit Prediction Scoring System) estimates the probability that a vulnerability will be exploited in the wild within the next 30 days, which complements CVSS severity when prioritizing remediation.
[Open Source Vulnerability Management] Best Practices for Generating High-Quality SBOMs. The more accurate and comprehensive an SBOM is, the more valuable it will be. See considerations and strategies for generating high-quality SBOMs in your organization.
[Open Source Vulnerability Management] Curl Vulnerabilities: Impact and Fixes (Curl 8.4.0). New vulnerabilities impacting the popular curl command line tool and libcurl library were disclosed on Oct. 11. See details and fixes.
[Software Composition Analysis] SBOM Examples, Explained. See two SBOM examples, including practical explanations of data fields and document sections.
[Software Composition Analysis] Understanding and Using SPDX License Identifiers and License Expressions. Learn about SPDX License Identifiers and License Expressions, and see how you can use them to communicate licensing information in an SBOM.
[Open Source Vulnerability Management] 5 Ways an SBOM Can Strengthen Security. See five ways SBOMs can improve security, including enhanced visibility into vulnerabilities and support for remediation.
[Open Source Vulnerability Management] Vulnerability Remediation Tactics. Explore strategies for remediating vulnerabilities in third-party software components, including the pros and cons of each.
[Open Source Vulnerability Management] VEX (Vulnerability Exploitability eXchange): Purpose and Use Cases. Learn about VEX (Vulnerability Exploitability eXchange), which is used to communicate whether vulnerabilities in a product's components are actually exploitable in that product.
[Open Source Vulnerability Management] How to Operationalize SBOMs Throughout the SDLC. Explore best practices for getting value from software bill of materials (SBOM) data throughout the software development lifecycle.
[Open Source Vulnerability Management] OpenSSL Vulnerability 2022: Details and Fixes. Two new high-severity vulnerabilities impacting OpenSSL have been disclosed. Here's what we know about the issues and how to address them.
[Open Source in the News] CVE-2022-42889 Text4Shell Vulnerability: Impact and Fixes. See important details on the Text4Shell vulnerability, including affected versions, how it compares to Log4Shell, and how to identify and remediate it.
[Open Source in the News] Analyzing the Securing Open Source Software Act. A new piece of proposed legislation would direct the U.S. federal government to create a framework for assessing security risks in open source software.
[Open Source Vulnerability Management] U.S. Government Memo Requires Self-Attestation to Secure Development Practices. U.S. government agencies must now require software suppliers to self-attest that they have adhered to NIST guidance for secure software development.
[Open Source Vulnerability Management] A Practical Guide to the SLSA Framework. SLSA (Supply-chain Levels for Software Artifacts) is a framework originated at Google and now maintained under the OpenSSF, designed to help organizations improve the integrity of their software supply chains.