Open Source Vulnerability Management: Understanding and Preventing Dependency Confusion Attacks
Dependency confusion exploits rely on a quirk in certain package managers. See how these attacks can happen, and get guidance on preventing them.

Software Composition Analysis: Highlights from NIST SP 800-161r1: Cybersecurity Supply Chain Risk Management
See key themes and insights from NIST SP 800-161r1: "Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations."

Open Source in the News: The Massive Implications of Software Freedom Conservancy vs. Vizio
The Software Freedom Conservancy's lawsuit against Vizio for alleged GPL violations could have significant ramifications for OSS license enforcement.

Open Source License Compliance: Open Source Licenses 101: Boost Software License
Get an overview of the Boost Software License, including key requirements and permissions, and see how it compares to other permissive licenses.

Open Source License Compliance: Open Source Licenses 101: The CDDL (Common Development and Distribution License)
Get an overview of the CDDL (Common Development and Distribution License), including requirements and comparisons to other weak copyleft licenses.

Software Composition Analysis: 4 Reasons Rancher Labs Chose FOSSA
See why Kubernetes management company Rancher Labs (part of SUSE) chose FOSSA to reduce open source license compliance and vulnerability risk.

Open Source Vulnerability Management: An Overview of Spring RCE Vulnerabilities
A pair of critical remote code execution vulnerabilities impacting Spring were disclosed this week.

Software Composition Analysis: How FOSSA Addresses Challenges Scanning C/C++ Code
Get an overview of the challenges of scanning and identifying dependencies in C/C++ code, and see how FOSSA addresses these issues.

Developer Perspectives: Overriding Dependency Versions and Using Version Ranges in Maven
Get step-by-step guidance on managing dependencies in Maven: declaring dependencies, overriding dependency versions, and using version ranges.

Open Source in the News: 5 Highlights from the U.S. Senate's Log4J Vulnerability Hearing
The U.S. Senate's hearing on Log4Shell brought to light new information on the Log4J vulnerability and the industry's response to it.

Open Source in the News: 6 Takeaways from the Linux Foundation's SBOM Report
A new report from the Linux Foundation contains a treasure trove of data on industry attitudes toward SBOMs and software supply chain security.

Software Composition Analysis: 5 Must-Have DevSecOps Tools
Software composition analysis, static application security testing, and issue tracking software are examples of mission-critical DevSecOps tools.

Open Source in the News: Open Source Developer Sabotages npm Libraries 'Colors,' 'Faker'
The developer behind the popular npm libraries "Colors" and "Faker" intentionally sabotaged both packages. Here's what to do if your application is impacted.

Open Source License Compliance: Q and A: Heather Meeker on AGPL, Truth Social, OSS License Compliance
Heather Meeker, one of the world's leading OSS license compliance experts, shares insight on the AGPL and the Truth Social license compliance controversy.

Open Source in the News: Does TikTok Live Studio Violate GPL v2?
TikTok recently released a limited test of a new live streaming service, TikTok Live Studio, that may be in violation of the GPL v2 open source software license.

Inside FOSSA: FOSSA Partners with OpenChain to Promote Open Source Management
FOSSA has partnered with OpenChain to help organizations build and maintain successful open source software license compliance programs.

Inside FOSSA: FOSSA Product Updates: Announcing Our New and Improved CLI
Our upgraded CLI will make FOSSA integrations easier to deploy by reducing the amount of configuration needed by users.

Open Source Vulnerability Management: DevSecOps 101: Understanding and Implementing DevSecOps Principles
See how DevSecOps principles can make software development more secure, and discover strategies for an effective DevSecOps implementation.

Open Source License Compliance: Open Source Software Licenses 101: The Eclipse Public License
Get an overview of the Eclipse Public License, including key requirements and how it compares to other weak copyleft open source licenses.

Software Composition Analysis: 4 Key Elements of Technical Due Diligence
Explore key areas of conducting technical due diligence, including auditing third-party software usage and evaluating protections on intellectual property.

Software Composition Analysis: Q and A: Software Bill of Materials and FOSSA
Get answers to frequently asked questions about using FOSSA to generate a software bill of materials.

Open Source in the News: bouk/monkey and the Importance of Knowing Your Dependencies
A recent news item involving the bouk/monkey open source program shows why it's so important for organizations to have visibility into their dependencies.

Inside FOSSA: Role-Based Access Control (RBAC), Zero Trust, and FOSSA
Get an overview of FOSSA's role-based access control (RBAC), and see how it can help improve your organization's security posture.

Software Composition Analysis: 3 Best Practices for OSS Management in the Automotive Industry
Experts share tips and strategies to help automotive organizations improve their open source management programs.

Inside FOSSA: FOSSA Receives Highest Scores Possible in License Risk Management, SBOM Criteria in Forrester Wave
FOSSA was the only vendor to earn the highest possible score in both the SBOM and License Risk Management criteria.