A detailed comparison of SCA and SAST security tools, highlighting their differences and combined use for enhanced security.
Discover the latest enhancements and features introduced by FOSSA, designed to improve your experience with our platform.
In this episode of The FOSSA Podcast, our senior product manager and a longtime engineer discuss product development's evolution as companies grow, including collaboration, management tools, and growth vs. retention strategies.
The fifth episode of The FOSSA Podcast discusses managing engineering projects with insights from FOSSA’s VP of Engineering and a senior developer.
Explore the differences between FOSSA's deployment models and find the best option for your organization.
A discussion on open source usage and software composition analysis tools to manage OSS license compliance and security risks.
The third episode of The FOSSA Podcast discusses managing strategic customer relationships, offering guidance on structuring customer success teams and building a company-wide customer-success mindset.
An exploration of open source license compliance in the container ecosystem, discussing key components and compliance strategies.
In the second episode of the FOSSA Engineering Podcast, engineers reflect on early-stage technology choices and offer guidance for developers facing similar decisions.
Explore trends, predictions, and observations on mission-critical open source management, including SBOM data usage, license compliance automation, and more.
FOSSA's podcast explores the adoption of Haskell into its codebase, discussing the reasons and benefits of the functional programming language.
Learn how to authenticate the FOSSA CLI using 1Password's shell plugin for secure and easy integration.
Discover how Applause, led by CTO Rob Mason, leverages FOSSA to optimize open source management, reducing burdens on developers.
This post discusses two high-severity vulnerabilities impacting OpenSSL versions 3.0 and later, including details on how to find and fix them.
A critical remote code execution vulnerability called Text4Shell impacting the Apache Commons Text library.
Explore the Microsoft Public License (Ms-PL), often used in .NET projects, known for its unique place in the open source licensing landscape.
An overview of the Securing Open Source Software Act, its implications for federal agencies, and potential effects on the private sector.
The U.S. federal government’s Office of Management and Budget published a memo requiring software suppliers to self-attest to secure development practices, impacting government and private sector software supply chains.
A discussion with Heather Meeker on pressing issues related to open source software license compliance, featuring key Q and A highlights from a recent webinar.
FOSSA has achieved the Great Place to Work Certification™, showcasing its commitment to a supportive and inclusive work environment.
Recommendations from the CSRB to improve software security concerning the Log4j vulnerability, with a focus on private enterprises.
An overview of the SIL Open Font License (OFL), its versions, and provisions for font software use, modification, and redistribution.
An overview of NIST's updated recommendations for managing cybersecurity risks across supply chains, featuring frameworks and templates for organizations.
Exploration of Software Freedom Conservancy's lawsuit against Vizio and its potential impact on open source license enforcement.
A thorough examination of the Boost Software License, showcasing its similarities to and differences from other permissive licenses.
The CDDL — short for Common Development and Distribution License — is a weak copyleft open source software license initially published by Sun Microsystems.
Explore why Rancher Labs selected FOSSA for open source management, enhancing their development efficiency and security posture.
A review of critical remote code execution vulnerabilities in Spring, highlighting CVE-2022-22965 and CVE-2022-22963, their impact, and mitigation strategies.
Exploring the challenges of scanning C and C++ code and how FOSSA addresses these challenges with their code scanning technology.
Explore how Maven handles dependency versions, including declaring dependencies, overriding them, and utilizing version ranges.
An overview of the U.S. Senate's hearing on the Log4J vulnerability, highlighting key discussions on software security.
A detailed analysis of the Linux Foundation's SBOM report, outlining key insights into software supply chain security.
A discussion on essential DevSecOps tools that help automate software testing and management, enhancing security throughout the software development lifecycle.
Exploring the license compliance concerns surrounding TikTok Live Studio's use of GPL v2-licensed OBS Studio.
Highlights from a webinar with open source licensing expert Heather Meeker discussing AGPL, Truth Social's compliance issues, and Google's AGPL policy.
FOSSA has partnered with OpenChain to support organizations in achieving OpenChain Conformance, promoting compliance with OSS licensing requirements.
Announcing FOSSA's revamped CLI that simplifies integrations with reduced configuration. Discover the new features and improvements.
Explore the principles of DevSecOps, a natural extension of DevOps, focusing on integrating security testing throughout the software development lifecycle.
An overview of the Eclipse Public License, its key provisions, and its compatibility with other licenses.
Explore the essential aspects of technical due diligence, from third-party software usage to intellectual property protections.
Explore common questions related to FOSSA’s SBOM solution including its features, export formats, and security aspects.
Exploring the significance of understanding software dependencies, licenses, and the unusual case of bouk/monkey's license.
Exploring the implementation of Zero Trust through Role-Based Access Control (RBAC) with FOSSA.
Explore best practices for OSS management in the automotive industry to reduce license compliance, security, and quality risks.
FOSSA is recognized as a significant SCA solution in The Forrester Wave™ report, achieving highest scores in license risk management and SBOM criteria.
An overview of the GNU Lesser General Public License (LGPL), its requirements, permissions, and its current usage in the open source software development community.
Explore the intricacies of the GNU Affero General Public License (AGPL), its history, requirements, and its impact on the open-source software community.
An exploration of the Stockfish lawsuit against ChessBase, testing the GPL v3 license regarding derivative works and license termination.
An overview of the minimum required elements for a Software Bill of Materials (SBOM) as outlined by the U.S. Federal Government's NTIA.
Explore the potential legal challenges GitHub Copilot faces regarding copyright infringement and license compliance of its code suggestions.
Explore today’s container image security landscape and learn strategies, such as vulnerability scanning and digital signatures, to fend off cyber threats.
An overview of CWE-79: Cross-Site Scripting, a common web vulnerability that allows attackers to inject malicious code into web applications.
Explore the impact of copyleft licenses on venture capital investments, including insights from IP lawyer Kate Downing and the NVCA Stock Purchase Agreement Model Form.
An exploration of permissive open source licenses, their history, and their role in the software community.
An overview of the Biden Administration's executive order on cybersecurity and its impact on software supply chain security.
An exploration of copyleft licenses, their history, differences from permissive licenses, and their role in the open source community.
Explore the significance of Software Bill of Materials (SBOM), its formats, use cases, and essential elements crucial for compliance and security in the software supply chain.
Explore how Software Composition Analysis (SCA) helps teams manage open source software vulnerabilities.
Explore the history, requirements, and key differences of the ISC License in open source software.
An in-depth look at the Mozilla Public License 2.0, its requirements, comparisons with other licenses, and its use cases.
Explore various build systems suited for monorepos, detailing the difference between imperative and declarative systems, and providing insights into top choices such as Bazel, Buck, and Pants.
An overview of the BSD 3-Clause License, its history, requirements, and how it compares to other permissive licenses.
Exploring supply chain security risks in the automotive industry and how software composition analysis can mitigate these threats.
Explore the components and staffing necessary for establishing a successful Open Source Program Office to manage and strategize open source software use.
Explore the differences between GPL v2 and GPL v3, understand the key features of GPL v3, and discover why it's a popular choice among developers and companies. Learn about its use cases, compatibility with Apache 2.0, and the future of GPL v3 in OSS projects.
An informative guide on the GNU General Public License Version 2.0, highlighting its terms, conditions, and how it contrasts with other open source licenses.
Guidance on choosing the right open source software license compliance tool, covering aspects such as scanning, automation, integration, issue management, and reporting.
An analysis of the 2021 State of Open Source Vulnerabilities report, highlighting frequent targets like Java and JavaScript, common issues such as poor input validation, and vulnerable libraries.
Exploring the MIT License, a popular open source software license, its permissions, restrictions, and comparisons to other licenses.
Discover key security insights from the 2020 FOSS Contributor Survey and explore actionable recommendations for open source project owners.
Explore strategies for maximizing open source software benefits while ensuring compliance and security.
Exploring the implications of the SolarWinds hack and methods to prevent similar software supply chain attacks, with a focus on software composition analysis.
Explore how UiPath reduces open source risk through collaboration between engineering, compliance, and security teams.
Discover how Software Composition Analysis (SCA) helps you manage and reduce risks associated with open source components in your software.
Discover how Zendesk's legal team improved open source compliance with the help of FOSSA, optimizing workflows and reducing time spent on compliance processes.
FOSSA has achieved SOC 2 Type 2 compliance, reaffirming its commitment to the highest standards of security and data protection.
This post guides you on how to choose the right open source license for your project, ensuring your software is protected and shared as you wish.
Heather Meeker shares insights on open source software licensing and the role of automation in managing license notices.