Inside FOSSA How to Use 1Password to Authenticate the FOSSA CLI 1Password has released a shell plugin that will enable FOSSA users to authenticate with a simple fingerprint scan. Here's how to use it.
Software Composition Analysis How Applause Makes Open Source Management Work for Developers See how Applause has built developer-friendly open source license compliance and security programs with a significant assist from FOSSA.
Open Source Vulnerability Management OpenSSL Vulnerability 2022: Details and Fixes Two new high-severity vulnerabilities impacting OpenSSL have been disclosed. Here's what we know about the issues and how to address them.
Open Source in the News CVE-2022-42889 Text4Shell Vulnerability: Impact and Fixes See important details on the Text4Shell vulnerability, including affected versions, how it compares to Log4Shell, and how to identify and remediate it.
Open Source License Compliance Open Source Licenses 101: Microsoft Public License (Ms-PL) Get an overview of the Microsoft Public License (Ms-PL), including key provisions and how it compares to the Microsoft Reciprocal License (Ms-RL).
Open Source in the News Analyzing the Securing Open Source Software Act A new piece of proposed legislation would direct the U.S. federal government to create a framework for assessing security risks in open source software.
Open Source Vulnerability Management U.S. Government Memo Requires Self-Attestation to Secure Development Practices U.S. government agencies must now require software suppliers to self-attest that they have adhered to NIST Guidance for secure software development.
Open Source License Compliance Q and A: Heather Meeker on Hot Topics in OSS License Compliance IP attorney Heather Meeker tackles several hot topics in OSS license compliance, including SBOMs, the AGPL, triggers for distribution, and more.
Inside FOSSA FOSSA Earns Great Place To Work Certification FOSSA has earned the Great Place to Work Certification, which reflects our strong company culture and workplace environment.
Open Source License Compliance Customer Q&A: Collibra's Journey to Scaling OSS License Compliance Amanda Weare, Collibra’s VP and Deputy General Counsel, discusses her experience managing Collibra's open source license compliance program.
Open Source Vulnerability Management How to Implement the CSRB’s Log4j Security Recommendations See guidance for implementing the security recommendations in the CSRB's recent report on the Log4j vulnerability.
Open Source License Compliance Open Source Licenses 101: SIL Open Font License (OFL) The SIL Open Font License is an open source license designed for fonts and related software. Explore the license's notable requirements and provisions.
Open Source Vulnerability Management Understanding and Preventing Dependency Confusion Attacks Dependency confusion exploits rely on a quirk in certain package managers. See how these attacks can happen, and get guidance on preventing them.
Software Composition Analysis Highlights from NIST SP 800-161r1: Cybersecurity Supply Chain Risk Management See key themes and insights from NIST SP 800-161r1: “Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations.”
Open Source License Compliance Open Source Licenses 101: Boost Software License Get an overview of the Boost Software License, including key requirements and permissions, and see how it compares to other permissive licenses.
Open Source License Compliance Open Source Licenses 101: The CDDL (Common Development and Distribution License) Get an overview of the CDDL (Common Development and Distribution License), including requirements and comparisons to other weak copyleft licenses.
Software Composition Analysis 4 Reasons Rancher Labs Chose FOSSA See why Kubernetes management company Rancher Labs (part of SUSE) chose FOSSA to reduce open source license compliance and vulnerability risk.
Open Source Vulnerability Management An Overview of Spring RCE Vulnerabilities A pair of critical remote code execution vulnerabilities impacting Spring were disclosed this week.
Software Composition Analysis How FOSSA Addresses Challenges Scanning C/C++ Code Get an overview of challenges with scanning and identifying dependencies in C/C++ code, and see how FOSSA addresses these issues.
Developer Perspectives Overriding Dependency Versions and Using Version Ranges in Maven Get step-by-step guidance on managing dependencies in Maven: declaring dependencies, overriding dependency versions, and using version ranges.
Open Source in the News 5 Highlights from the U.S. Senate’s Log4J Vulnerability Hearing The U.S. Senate's hearing on Log4Shell brought to light new information on the Log4J vulnerability and industry's response to it.
Open Source in the News 6 Takeaways from the Linux Foundation's SBOM Report A new report from the Linux Foundation contains a treasure trove of data on industry attitudes toward SBOMs and software supply chain security.
Software Composition Analysis 5 Must-Have DevSecOps Tools Software composition analysis, static application security testing, and issue tracking software are examples of mission-critical DevSecOps tools.
Open Source in the News Open Source Developer Sabotages npm Libraries ‘Colors,’ ‘Faker’ The developer behind popular npm libraries "Colors" and "Faker" intentionally sabotaged both packages. Here's what to do if your application is impacted.
Open Source License Compliance Q and A: Heather Meeker on AGPL, Truth Social, OSS License Compliance Heather Meeker, one of the world's leading OSS license compliance experts, shares insight on the AGPL and the Truth Social license compliance controversy.
