Licensing Articles

Winter 2025 FOSSA Product Updates
Explore the new functionalities of FOSSA for managing SBOMs, vulnerabilities, and open source license compliance, including automated NOTICE file recreation and FDA compliance support.

License Compliance, SBOM, and Vulnerability Management for Smaller Teams: FOSSA Business Tier
FOSSA introduces a new business tier tailored for smaller teams, offering flexible pricing and comprehensive features for SBOM, vulnerability management, and license compliance.

Introducing SBOM Policies in FOSSA
Learn about FOSSA's new SBOM policy feature that helps enforce SBOM standards for compliance and security.

Fall 2024 Software Licensing Roundup
Explore the significant licensing stories of fall 2024, including Elastic's return to open source, the new fair source licensing model, and the PearAI controversy.

Snippet Scanning, Explained
An in-depth look at snippet scanning tools, their methodologies, and their impact on open source license compliance.

Automate Regulatory Compliance With FOSSA's New SBOM Management Add-On
Introducing FOSSA's new SBOM Management add-on to simplify software inventory and compliance processes.

How Sentry Manages Software License Compliance
Discover how Sentry manages software license compliance through policies, processes, and automation using FOSSA's open source management platform.

Beyond Vulnerabilities: Understanding Package Health with FOSSA Quality
Explore FOSSA Quality's tools for assessing and improving the health of your software's open source components.

Enable Global Visibility and Swift Remediation with Package Index
Explore how FOSSA’s Package Index enhances software supply chain visibility, enabling swift vulnerability detection and remediation.

Reduce Alert Fatigue with FOSSA’s Auto-Ignore Rules
Learn how FOSSA’s auto-ignore rules streamline license compliance and vulnerability remediation by minimizing redundant alerts.

Dual-Licensing Models Explained, Featuring Heather Meeker
Understanding dual licensing with insights from Heather Meeker, covering scenarios for choice-of-license and multi-license models, and managing associated risks.

A Comprehensive Guide to Source-Available Software Licenses, Featuring Heather Meeker
Explore the intricacies of source-available software licenses, contrasting them with open-source and proprietary licenses.

Best Practices for Generating High-Quality SBOMs
Explore crucial elements for creating high-quality SBOMs including tooling, integration strategies, configuration, and data fields in compliance with licensing and security requirements.

5 Ways to Reduce GitHub Copilot Security and Legal Risks
Explore strategies to mitigate security and legal risks associated with GitHub Copilot and similar AI tools.

Understanding and Using SPDX License Identifiers and License Expressions
An overview of SPDX License Identifiers and Expressions and how they streamline open source licensing communication.

What’s New in CycloneDX 1.5?
The CycloneDX team released version 1.5, building on existing capabilities and introducing enhancements such as the Authoritative Guide to SBOM.

Generative AI and Software Development: Copyright Law and License Compliance
Explores the impact of recent U.S. Copyright Office decisions on generative AI, potential risks from open source licensing, and strategies to mitigate IP risk in software development.

Heather Meeker on Open Source License Compliance Policies
Discussion on tailoring open source license compliance policies for different deployment models, including strategies for SaaS, mobile apps, and embedded systems.

The FOSSA Podcast: SCA Purchasing and Implementation Trends
A discussion on open source usage and software composition analysis tools to manage OSS license compliance and security risks.

Containers and Open Source License Compliance
An exploration of open source license compliance in the container ecosystem, discussing key components and compliance strategies.

2023 Open Source Management Trends, Predictions, and Observations
Explore trends, predictions, and observations on mission-critical open source management, including SBOM data usage, license compliance automation, and more.

How Applause Makes Open Source Management Work for Developers
Discover how Applause, led by CTO Rob Mason, leverages FOSSA to optimize open source management, reducing burdens on developers.

Complying with GPL v3’s User Product Clause
Explore the GPL v3's 'User Product' clause and strategies for compliance, addressing challenges faced by manufacturers while protecting user freedom.

Managing OSS License Compliance Risks in Commercial Software Licensing Agreements, Featuring Jim Markwith
Explore the evolution of open source software license compliance risks and best practices in commercial software agreements.

Open Source Licenses 101: Microsoft Public License (Ms-PL)
Explore the Microsoft Public License (Ms-PL), often used in .NET projects, known for its unique place in the open source licensing landscape.

Analyzing the Securing Open Source Software Act
An overview of the Securing Open Source Software Act, its implications for federal agencies, and potential effects on the private sector.

Heather Meeker on Open Source License Compliance Tools
A detailed exploration into the evolution and current trends of compliance tools for open source software licenses, with insights from Heather Meeker.

Q and A: Heather Meeker on Hot Topics in OSS License Compliance
A discussion with Heather Meeker on pressing issues related to open source software license compliance, featuring key Q and A highlights from a recent webinar.

Customer Q&A: Collibra's Journey to Scaling OSS License Compliance
An insightful interview with Amanda Weare, Collibra's VP and Deputy General Counsel, discussing their approach to open source license compliance.

Announcing the Private Beta of FOSSA Risk Intelligence
Introducing FOSSA Risk Intelligence, a private beta add-on to enhance software supply chain security by addressing risks like stale packages, abandonware, and more.

Open Source Licenses 101: SIL Open Font License (OFL)
An overview of the SIL Open Font License (OFL), its versions, and provisions for font software use, modification, and redistribution.

How to Build an Open Source License Compliance Program, Featuring Jim Markwith
Explore the importance and elements of building a successful open source license compliance program, as discussed by Jim Markwith, a technology and transactions attorney.

The Massive Implications of Software Freedom Conservancy vs. Vizio
Exploration of Software Freedom Conservancy's lawsuit against Vizio and its potential impact on open source license enforcement.

Open Source Licenses 101: Boost Software License
A thorough examination of the Boost Software License, showcasing its similarities to and differences from other permissive licenses.

Open Source Licenses 101: The CDDL (Common Development and Distribution License)
The CDDL — short for Common Development and Distribution License — is a weak copyleft open source software license initially published by Sun Microsystems.

Best Practices for Implementing Software Composition Analysis, Featuring Rancher Labs
Explore the successful implementation of Software Composition Analysis (SCA) at Rancher Labs, focusing on simplicity, CI/CD integration, barrier removal, and addressing tech debt.

An Overview of Spring RCE Vulnerabilities
A review of critical remote code execution vulnerabilities in Spring, highlighting CVE-2022-22965 and CVE-2022-22963, their impact, and mitigation strategies.

Building a Sustainable Software Supply Chain
Exploring strategies to enhance software supply chain security through sustainability practices.

The Three Pillars of Reproducible Builds
Exploring the guiding principles of reproducible builds to strengthen software supply chain security.

OSS License Compliance Expert Heather Meeker on the AGPL
An exploration of the AGPL's implications, how it compares to the GPL family, and its inception.

Open Source Developer Sabotages npm Libraries 'Colors,' 'Faker'
The developer behind 'colors.js' and 'faker.js' sabotages his own npm libraries, causing widespread disruption.

Does TikTok Live Studio Violate GPL v2?
Exploring the license compliance concerns surrounding TikTok Live Studio's use of GPL v2-licensed OBS Studio.

Q and A: Heather Meeker on AGPL, Truth Social, OSS License Compliance
Highlights from a webinar with open source licensing expert Heather Meeker discussing AGPL, Truth Social's compliance issues, and Google's AGPL policy.

FOSSA Partners with OpenChain to Promote Open Source Management
FOSSA has partnered with OpenChain to support organizations in achieving OpenChain Conformance, promoting compliance with OSS licensing requirements.

FOSSA Product Updates: Announcing Our New and Improved CLI
Announcing FOSSA's revamped CLI that simplifies integrations with reduced configuration. Discover the new features and improvements.

Open Source Software Licenses 101: The Eclipse Public License
An overview of the Eclipse Public License, its key provisions, and its compatibility with other licenses.

Q and A: Software Bill of Materials and FOSSA
Explore common questions related to FOSSA’s SBOM solution including its features, export formats, and security aspects.

bouk/monkey and the Importance of Knowing Your Dependencies
Exploring the significance of understanding software dependencies, licenses, and the unusual case of bouk/monkey's license.

3 Best Practices for OSS Management in the Automotive Industry
Explore best practices for OSS management in the automotive industry to reduce license compliance, security, and quality risks.

Open Source Software Licenses 101: The LGPL License
An overview of the GNU Lesser General Public License (LGPL), its requirements, permissions, and its current usage in the open source software development community.

Open Source Software Licenses 101: The AGPL License
Explore the intricacies of the GNU Affero General Public License (AGPL), its history, requirements, and its impact on the open-source software community.

Stockfish vs. ChessBase and What it Means for GPL v3
An exploration of the Stockfish lawsuit against ChessBase, testing the GPL v3 license regarding derivative works and license termination.

The Minimum Required Elements of an SBOM
An overview of the minimum required elements for a Software Bill of Materials (SBOM) as outlined by the U.S. Federal Government's NTIA.

Copyleft Licenses and the Venture Capital Connection
Explore the impact of copyleft licenses on venture capital investments, including insights from IP lawyer Kate Downing and the NVCA Stock Purchase Agreement Model Form.

All About Permissive Licenses
An exploration of permissive open source licenses, their history, and their role in the software community.

IT Central Station: What Makes for an Effective SCA Solution
Exploring the essential features of an effective Software Composition Analysis (SCA) solution through insights from IT Central Station members.

All About Copyleft Licenses
An exploration of copyleft licenses, their history, differences from permissive licenses, and their role in the open source community.

Software Bill Of Materials (SBOM) Formats, Use Cases, and Specifications
Explore the significance of Software Bill of Materials (SBOM), its formats, use cases, and essential elements crucial for compliance and security in the software supply chain.

How SCA Helps Manage OSS Vulnerabilities
Explore how Software Composition Analysis (SCA) helps teams manage open source software vulnerabilities.

Open Source Software Licenses 101: The ISC License
Explore the history, requirements, and key differences of the ISC License in open source software.

Open Source Software Licenses 101: Mozilla Public License 2.0
An in-depth look at the Mozilla Public License 2.0, its requirements, comparisons with other licenses, and its use cases.

Open Source Software Licenses 101: The BSD 3-Clause License
An overview of the BSD 3-Clause License, its history, requirements, and how it compares to other permissive licenses.

How OSS Conquered the World: Insight from Veteran Developers
FOSSA staff engineer Konstantin Gredeskoul and Oxide Computer Company's co-founder Bryan Cantrill discuss the development and impact of open source software in an informative and entertaining podcast.

Building an Open Source Program Office (OSPO)
Explore the components and staffing necessary for establishing a successful Open Source Program Office to manage and strategize open source software use.

Open Source Software Licenses 101: GPL v3
Explore the differences between GPL v2 and GPL v3, understand the key features of GPL v3, and discover why it's a popular choice among developers and companies. Learn about its use cases, compatibility with Apache 2.0, and the future of GPL v3 in OSS projects.

Open Source Software Licenses 101: GPL v2
An informative guide on the GNU General Public License Version 2.0, highlighting its terms, conditions, and how it contrasts with other open source licenses.

How to Choose an Open Source Software License Compliance Tool
Guidance on choosing the right open source software license compliance tool, covering aspects such as scanning, automation, integration, issue management, and reporting.

4 Takeaways from the 2021 State of Open Source Vulnerabilities Report
An analysis of the 2021 State of Open Source Vulnerabilities report, highlighting frequent targets like Java and JavaScript, common issues such as poor input validation, and vulnerable libraries.

Open Source Licenses 101: Apache License 2.0
An exploration of the Apache License 2.0, outlining its terms, use cases, and how it compares to other permissive licenses.

How to Apply a License to Your Open Source Software Project
Explore how to effectively apply a license to your open source software project, addressing common challenges and scenarios.

Open Source Software Licenses 101: The MIT License
Exploring the MIT License, a popular open source software license, its permissions, restrictions, and comparisons to other licenses.

Takeaways from OpenChain ISO/IEC 5230:2020
Key insights from the OpenChain ISO/IEC 5230:2020 standard, focusing on requirements for license compliance programs and how to achieve OpenChain Conformance.

Top Security Takeaways from the 2020 FOSS Contributor Survey
Discover key security insights from the 2020 FOSS Contributor Survey and explore actionable recommendations for open source project owners.

The Future of Software Composition Analysis, Featuring Forrester
Exploring the future of Software Composition Analysis (SCA) with key insights into automation, governance, and developer integration.

5 Ways Companies Can Get More Value From Open Source Software
Explore strategies for maximizing open source software benefits while ensuring compliance and security.

How UiPath Reduced Open Source Risk Through Team Collaboration
Explore how UiPath reduces open source risk through collaboration between engineering, compliance, and security teams.

What is Software Composition Analysis?
Discover how Software Composition Analysis (SCA) helps you manage and reduce risks associated with open source components in your software.

How Zendesk’s Legal Team Scored an Open Source Compliance Victory
Discover how Zendesk's legal team improved open source compliance with the help of FOSSA, optimizing workflows and reducing time spent on compliance processes.

FOSSA Announces SOC 2 Compliance
FOSSA has achieved SOC 2 Type 2 compliance, reaffirming its commitment to the highest standards of security and data protection.

How to Choose the Right Open Source License
This post guides you on how to choose the right open source license for your project, ensuring your software is protected and shared as you wish.

Q&A: Heather Meeker on Open Source License Notices
Heather Meeker shares insights on open source software licensing and the role of automation in managing license notices.

Heather Meeker on Open Source License Notices and Automation
Discussing the importance of open source license notices and how automation can help address compliance challenges.

A Framework for Evaluating Software Composition Analysis Tools
Understand the importance of Software Composition Analysis (SCA) tools for mitigating risks associated with open source components in modern software development.

FOSSA Raises a $23.2M Series B
FOSSA announces a new funding round of $23.2M to accelerate the development of open source inventory solutions.

Press Release: FOSSA Accelerates Growth, Hits Significant Milestones
FOSSA announces $23.2 million in Series B funding and launches new security management capabilities, affirming its leadership in the software composition analysis market.

How Open Source License Audits Became a Strategic Key to M&A Success
Open source non-compliance can impact company transactions like mergers and acquisitions by slowing, devaluing, or breaking deals.

Now's the Perfect Time to Evolve Legal and Engineering Collaboration
With work now remote, a business's confidence in its software supply chain is crucial, which underscores the importance of risk mitigation.

TikTok, Trump, and the Future of Open Source Surveillance
Exploring the intersection of TikTok, national security, and the future of open source software surveillance.

Open Source Management: Fundamentals
Explore the role of open source in the enterprise market and learn the essentials of managing open source software including strategies, policies, and tools for effective oversight.

Why Source Code Scanning Tools Are Essential for Open Source Compliance
Explore the risks and necessity of source code scanning tools in open source compliance to prevent licensing issues and ensure smooth project management.

Snippet Scanning: Is it Right for Your Team?
Explore the nuances of snippet scanning and its relevance to software development today, while considering risk profiles and modern development practices.

FOSSA Named to CNBC's Upstart 100
FOSSA has been named to CNBC's Upstart 100 List following the closing of $8.5 Million in Series A Funding.

FOSSA Raises $8.5M for Enterprise Open Source Management
FOSSA announces an $8.5M Series A funding to enhance open source management for enterprises, and shares success stories with notable clients.

We’re excited to partner with CircleCI to release our CircleCI orb!
Learn about FOSSA's new CircleCI orb for easier OSS license compliance and CI/CD integration.

FOSSA July 2019 Product Release Notes
Enhancements to the FOSSA CLI, Rust support, and improvements to on-prem deployment are highlighted in the FOSSA July 2019 product release notes.

WTFPL to Beerware: Top 6 Out-There Open Source Licenses
Explore some of the most unconventional open source licenses, from Beerware to WTFPL.

All About Open Source Licenses
A comprehensive guide to understanding open source licenses, including permissive and copyleft licenses, and how to apply them.

What is a Private Artifact Repository?
Exploration of the benefits and limitations of private artifact repositories, highlighting three common issues developers face along with solutions offered by FOSSA.

Still Asking Engineers to Fill Out Open Source Request Forms?
Exploring the impact of manual open source request processes on engineering culture and innovation speed.

We’re Excited to Announce Our CNCF Membership
FOSSA is excited to announce its CNCF membership, highlighting the importance of open source in software development and our commitment to the community.

A Case For Continuous Compliance
Exploring the importance and benefits of continuous compliance in the use of open source software.

Creating a Comprehensive 3rd-Party Package License Policy for OSS
Learn how to create a comprehensive third-party package license policy, a vital element for companies engaging with open source software and ensuring compliance across various licenses.

Why Open Source License Compliance Needs to Be CI-Agnostic
Exploring the importance of adopting platform-agnostic tools for open source license compliance and the benefits of avoiding vendor lock-in.

Automating Open Source Reports with FOSSA at Applause
Discover how Applause leveraged FOSSA to automate their OSS licensing and compliance process, saving time and improving accuracy.

Cost/Benefit Analysis: Manual Audits vs Automated License Compliance
Exploring the costs and benefits of manual versus automated license compliance in software companies.

Which Open Source License Is Best for Commercialization?
Exploring the best open source licenses for commercialization, including the balance between permissive and restrictive licenses.

Discussing Commons Clause on Software Engineering Daily
Exploration of open source software, business models, and the impact of the Commons Clause, with insights from Kevin Wang.

300+ New Licenses Supported in FOSSA
Announcing new license data quality updates with over 300 new licenses in FOSSA.

JS Foundation chooses FOSSA as the Open Source License Cert. Provider
The JS Foundation, supporting critical JavaScript infrastructure, chooses FOSSA for automated open-source license compliance.

Organization-wide issues & conditional policies
Discover how FOSSA improves organization-level issue management and introduces conditional policy rules to streamline compliance.

Don’t Over-REACT to the Facebook Patents License
The controversy surrounding Facebook's 'BSD+ Patents' license is more partisan than practical, and the Apache Foundation's decision to reclassify it is unlikely to impact the use of ReactJS.

The Ultimate GPL Survival Guide
A comprehensive guide on GPL compliance for professionals in consumer electronics, IoT, and automotive industries, featuring useful flowcharts and checklists.

Announcing FOSSA Public Beta & Funding
Announcing the public beta release of FOSSA and a $2.2MM seed round led by Bain Capital Ventures.

You can’t get around code scanning if you care about open source licenses
Exploring the necessity of code scanning tools for tracking and complying with open source licenses in modern software development.

FOSSA partners with npm to deliver open source license compliance
FOSSA introduces a new add-on for npm Enterprise to enhance open source license compliance.