[Open Source License Compliance] Heather Meeker on Open Source License Compliance Tools. Leading OSS licensing expert Heather Meeker shares guidance to help organizations evaluate new compliance tools and get more value from existing ones.
[Open Source License Compliance] Customer Q&A: Collibra's Journey to Scaling OSS License Compliance. Amanda Weare, Collibra's VP and Deputy General Counsel, discusses her experience managing Collibra's open source license compliance program.
[Open Source License Compliance] Fall 2024 Software Licensing Roundup. Analysis of several recent stories in software licensing, including Elastic's return to open source licensing (adding the AGPLv3 as an option) and the creation of the fair source licensing category.
[Open Source Vulnerability Management] A Proposal for the Future of SBOM Minimum Elements. Proposed changes to the current list of NTIA SBOM minimum elements, including the addition of several new data fields.
[Open Source License Compliance] Snippet Scanning, Explained. An overview of snippet scanning, including its purpose, how it works, and whether it's the right fit for your organization.
[Open Source Vulnerability Management] CUPS Vulnerabilities: Impact and Fixes. An overview of the vulnerabilities impacting CUPS, including an explanation of how they work and how to fix them.
[Open Source Vulnerability Management] U.S. Army Announces New SBOM Requirements. The United States Army will begin requiring software contractors and subcontractors to provide SBOMs.
[Open Source Vulnerability Management] SBOM Requirements in the EU's CRA (Cyber Resilience Act). The SBOM (software bill of materials) requirements in the EU's Cyber Resilience Act, including formats, timelines, and responsible parties.
[Open Source Vulnerability Management] 4 Considerations for Effective SBOM Sharing. Four important considerations for sharing SBOMs effectively and securely.
[Open Source Vulnerability Management] Actioning the Stakeholder-Specific Vulnerability Categorization (SSVC) Model. SSVC is designed to help organizations categorize and prioritize vulnerabilities based on their own circumstances and risk profiles rather than on a CVSS base score alone.
[Inside FOSSA] Automate Regulatory Compliance With FOSSA's New SBOM Management Add-On. FOSSA's new SBOM Management add-on makes it easy to generate and share SBOMs that meet regulatory compliance requirements.
[Inside FOSSA] FOSSA Acquires StackShare to Enhance Developer Tools Management and Security. FOSSA has acquired StackShare, the well-respected community and enterprise platform for tracking and discussing developer tools.
[Open Source Vulnerability Management] Understanding SBOM Requirements in PCI DSS. A new provision in PCI DSS 4.0 (Requirement 6.3.2, mandatory from March 31, 2025) requires certain organizations to create and maintain an inventory of bespoke, custom, and third-party software components, in effect an SBOM, to facilitate vulnerability management.
[Inside FOSSA] Secure Open Source for All: FOSSA's Free Plan Just Got Better. FOSSA's free plan just got a major upgrade: security, license compliance, and SBOM management are now available for free, for up to 25 contributing developers and 5 projects.
[Open Source Vulnerability Management] Polyfill Supply Chain Attack: Details and Fixes. An overview of the polyfill.io supply chain attack, in which the cdn.polyfill.io domain began serving malicious JavaScript to the sites embedding it, including how the attack works and steps to mitigate it.
[Open Source Vulnerability Management] Using the CISA KEV Catalog. An overview of the CISA KEV (Known Exploited Vulnerabilities) Catalog, including strategies for using the list in vulnerability prioritization and management initiatives.
[Open Source Vulnerability Management] Defining SBOM Requirements for Software Suppliers. Important considerations and recommendations for requesting SBOMs (software bill of materials) from software suppliers.
[Inside FOSSA] FOSSA Joins Forces with New Relic in the Secure Developer Alliance. FOSSA is partnering with New Relic and other security and observability leaders in the Secure Developer Alliance.
[Open Source License Compliance] How Sentry Manages Software License Compliance. How Sentry, a leader in application performance and error monitoring, manages compliance with open source and source-available software licenses.
[Software Composition Analysis] SPDX 3.0 Is Released. What's new in SPDX v3.0, such as the introduction of use case-specific profiles and increased flexibility.
[Open Source Vulnerability Management] What's New in CycloneDX 1.6? CycloneDX 1.6, the newest version of the popular bill of materials specification, was released in April 2024.
[Open Source Vulnerability Management] CVE-2024-3094: New Vulnerability Impacts XZ Utils. Learn about the XZ Utils backdoor (CVE-2024-3094, affecting versions 5.6.0 and 5.6.1), including how it was discovered, why it's a critical-severity issue (CVSS 10.0), and how to mitigate it.
[Inside FOSSA] FOSSA Product Updates: Spring 2024. New features that help FOSSA users mitigate open source risks, enhance software transparency, and resolve issues more quickly.
[Open Source Vulnerability Management] SBOM Formats Explained and Compared. The similarities and differences between popular SBOM (software bill of materials) formats like CycloneDX and SPDX.
[Inside FOSSA] Enhancing Risk Observability with FOSSA's Issue Overview Dashboard. Get the full view of security, licensing, and quality risks across your organization, and understand the impact of remediation efforts, with FOSSA's Issue Overview Dashboard.
[Inside FOSSA] Beyond Vulnerabilities: Understanding Package Health with FOSSA Quality. FOSSA Quality provides visibility into the real health of your open source components and enables you to set policies and enforce rules around those signals.
[Open Source Vulnerability Management] Complying with the FDA's SBOM Requirements. The FDA now requires medical device manufacturers to submit an SBOM (software bill of materials) as part of the premarket review process under Section 524B of the FD&C Act.