Open Source Vulnerability Management 5 Ways an SBOM Can Strengthen Security See five ways SBOMs can improve security, including enhanced visibility into vulnerabilities and support for remediation.
Inside FOSSA FOSSA Product Updates: August 2023 Get an overview of additions and improvements to the FOSSA platform, including Jira enhancements and auto-ignore rules.
Developer Perspectives Direct Dependencies vs. Transitive Dependencies See the difference between direct dependencies and transitive dependencies, including example dependency graphs.
Open Source Vulnerability Management Vulnerability Remediation Tactics Explore strategies for remediating vulnerabilities in third-party software components, including pros and cons for each.
Software Composition Analysis What’s New in CycloneDX 1.5? A new version of the CycloneDX bill of materials specification has been released. See what's new in CycloneDX v1.5.
Open Source Vulnerability Management VEX (Vulnerability Exploitability eXchange): Purpose and Use Cases Learn about VEX (Vulnerability Exploitability eXchange), which is used to communicate whether vulnerabilities impacting software products are actually exploitable.
Inside FOSSA The FOSSA Podcast: Product Management from Startup to Enterprise The FOSSA Podcast covers engineering-product team collaboration (and friction), product management tools, when to hire your first PM, and more.
Open Source in the News Generative AI and Software Development: Copyright Law and License Compliance See important copyright law and open source license compliance considerations when using generative AI in software development.
Developer Perspectives The FOSSA Podcast: Managing Engineering Projects This episode of The FOSSA Podcast discusses managing engineering projects, including scaling teams, measuring success, and delegating work.
Open Source License Compliance Heather Meeker on Open Source License Compliance Policies Leading open source license compliance expert Heather Meeker provides guidance on creating compliance policies for SaaS, mobile apps, embedded systems, and more.
Inside FOSSA Picking the Right FOSSA Deployment Model FOSSA customers can choose from a range of SaaS and on-premises deployment models. See which one is the best fit for your organization.
Software Composition Analysis The FOSSA Podcast: SCA Purchasing and Implementation Trends Episode 4 of The FOSSA Podcast discusses how organizations are evaluating SCA tools along with important factors in a successful implementation.
Software Composition Analysis A Framework for Evaluating SBOM Tools Customizability, ease of use, and support for CycloneDX and SPDX are among the most important features of a best-in-class SBOM tool.
Inside FOSSA The FOSSA Podcast: Structuring and Growing a Customer Success Team This episode of The FOSSA Podcast offers guidance on structuring customer success teams and building a company-wide customer-success mindset.
Open Source License Compliance Containers and Open Source License Compliance There are many open source components in the container ecosystem, which means container users must be mindful of license compliance obligations.
Inside FOSSA The FOSSA Podcast: Early-Stage Technology Decisions and Regrets The second episode of The FOSSA Podcast covers early-stage start-up technology choices, including picking programming languages and databases.
Open Source in the News 2023 Open Source Management Trends, Predictions, and Observations In 2023, we expect organizations to prioritize using SBOM data, automating open source license compliance, and maintaining visibility into software composition.
The FOSSA Podcast: Adopting Haskell into an Existing Codebase Episode One of The FOSSA Podcast covers how our team adopted Haskell, characteristics of the language, and pros and cons for teams considering it.
Open Source Vulnerability Management How to Operationalize SBOMs Throughout the SDLC Explore best practices for getting value from software bill of materials (SBOM) data throughout the software development lifecycle.
Inside FOSSA Announcing Support for CycloneDX and SBOM Import FOSSA is excited to announce new support for importing SBOMs along with the CycloneDX SBOM standard.
Inside FOSSA How to Use 1Password to Authenticate the FOSSA CLI 1Password has released a shell plugin that will enable FOSSA users to authenticate with a simple fingerprint scan. Here's how to use it.
Software Composition Analysis How Applause Makes Open Source Management Work for Developers See how Applause has built developer-friendly open source license compliance and security programs with a significant assist from FOSSA.
Open Source License Compliance Complying with GPL v3’s User Product Clause Explore strategies for complying with the GPL v3 software license's User Product clause.
Open Source License Compliance Managing OSS License Compliance Risks in Commercial Software Licensing Agreements, Featuring Jim Markwith Organizations that ship products are ultimately responsible for OSS license compliance — even if the issue stems from a vendor-supplied component.
Inside FOSSA Announcing the GA of C and C++ Security and License Scanning We're thrilled to announce the GA of our security and license scanning for C and C++ projects, which will help users secure their critical applications.