[Software Composition Analysis] SPDX 3.0 Is Released. See what's new in SPDX v3.0, including the introduction of use case-specific profiles and increased flexibility.

[Open Source Vulnerability Management] CVE-2024-3094: New Vulnerability Impacts XZ Utils. Learn about the XZ Utils backdoor (CVE-2024-3094), including how it was discovered, why it is a critical-severity issue (CVSS 10.0), and how to mitigate it.

[Open Source in the News] 4 Takeaways from the ESF's OSS and SBOM Management Recommendations. A new publication from the Enduring Security Framework (ESF) working group includes recommendations to help organizations manage SBOMs and OSS-related risks.

[Open Source Vulnerability Management] Curl Vulnerabilities: Impact and Fixes (Curl 8.4.0). New vulnerabilities affecting the popular curl command-line tool and libcurl library were disclosed on Oct. 11, 2023, and fixed in curl 8.4.0. See details and fixes.

[Open Source License Compliance] 5 Ways to Reduce GitHub Copilot Security and Legal Risks. See how to manage the security, legal, privacy, and maintainability risks that can come with using AI coding tools.

[Open Source License Compliance] Business Source License (BSL 1.1): Requirements, Provisions, and History. See the key requirements and provisions of the Business Source License (BSL), a source-available license that sits between open source and proprietary licensing.

[Software Composition Analysis] What's New in CycloneDX 1.5? A new version of the CycloneDX bill of materials specification has been released. See what's new in CycloneDX v1.5.

[Open Source in the News] Generative AI and Software Development: Copyright Law and License Compliance. See important copyright law and open source license compliance considerations when using generative AI in software development.

[Inside FOSSA] The FOSSA Podcast: Early-Stage Technology Decisions and Regrets. The second episode of The FOSSA Podcast covers early-stage start-up technology choices, including picking programming languages and databases.

[Open Source in the News] 2023 Open Source Management Trends, Predictions, and Observations. In 2023, we expect organizations to prioritize using SBOM data, automating open source license compliance, and maintaining visibility into software composition.

[Open Source License Compliance] Complying with GPL v3's User Product Clause. Explore strategies for complying with the User Product clause of the GPL v3 software license.

[Open Source Vulnerability Management] OpenSSL Vulnerability 2022: Details and Fixes. Two new high-severity vulnerabilities affecting OpenSSL 3.0.0 through 3.0.6 have been disclosed and fixed in OpenSSL 3.0.7. Here's what we know about the issues and how to address them.

[Open Source in the News] CVE-2022-42889 Text4Shell Vulnerability: Impact and Fixes. See important details on the Text4Shell vulnerability in Apache Commons Text, including affected versions (1.5 through 1.9; fixed in 1.10.0), how it compares to Log4Shell, and how to identify and remediate it.

[Open Source in the News] Analyzing the Securing Open Source Software Act. A new piece of proposed legislation would direct the U.S. federal government to create a framework for assessing security risks in open source software.

[Open Source Vulnerability Management] U.S. Government Memo Requires Self-Attestation to Secure Development Practices. U.S. government agencies must now require software suppliers to self-attest that they have followed NIST's secure software development guidance (the Secure Software Development Framework, SSDF).

[Open Source Vulnerability Management] How to Implement the CSRB's Log4j Security Recommendations. See guidance for implementing the security recommendations in the CSRB's recent report on the Log4j vulnerability.

[Open Source in the News] Why Open Source is ESG. Leading IP attorney and open source software license compliance expert Heather Meeker explores the connection between ESG investing and OSS.

[Software Composition Analysis] Highlights from NIST SP 800-161r1: Cybersecurity Supply Chain Risk Management. See key themes and insights from NIST SP 800-161r1, "Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations."

[Open Source in the News] The Massive Implications of Software Freedom Conservancy vs. Vizio. The Software Freedom Conservancy's lawsuit against Vizio for alleged GPL violations could have significant ramifications for OSS license enforcement.

[Open Source Vulnerability Management] An Overview of Spring RCE Vulnerabilities. A pair of critical remote code execution vulnerabilities affecting Spring, CVE-2022-22965 (Spring4Shell, in Spring Framework) and CVE-2022-22963 (in Spring Cloud Function), were disclosed at the end of March 2022.

[Software Composition Analysis] Building a Sustainable Software Supply Chain. OpenChain GM Shane Coughlan discusses indicators of sustainable software and specific steps your organization can take to improve security.

[Open Source in the News] 5 Highlights from the U.S. Senate's Log4j Vulnerability Hearing. The U.S. Senate's hearing on Log4Shell brought to light new information on the Log4j vulnerability and the industry's response to it.

[Open Source in the News] 6 Takeaways from the Linux Foundation's SBOM Report. A new report from the Linux Foundation contains a treasure trove of data on industry attitudes toward SBOMs and software supply chain security.

[Open Source in the News] Open Source Developer Sabotages npm Libraries 'Colors,' 'Faker'. In January 2022, the developer behind the popular npm libraries "colors" and "faker" intentionally sabotaged both packages. Here's what to do if your application is affected.

[Open Source License Compliance] Q and A: Heather Meeker on AGPL, Truth Social, OSS License Compliance. Heather Meeker, one of the world's leading OSS license compliance experts, shares insight on the AGPL and the Truth Social license compliance controversy.