Open Source License Compliance Complying with GPL v3’s User Product Clause Explore strategies for complying with the GPL v3 software license's User Product clause.
Open Source Vulnerability Management OpenSSL Vulnerability 2022: Details and Fixes Two new high-severity vulnerabilities impacting OpenSSL have been disclosed. Here's what we know about the issues and how to address them.
Open Source in the News CVE-2022-42889 Text4Shell Vulnerability: Impact and Fixes See important details on the Text4Shell vulnerability, including affected versions, how it compares to Log4Shell, and how to identify and remediate it.
Open Source in the News Analyzing the Securing Open Source Software Act A new piece of proposed legislation would direct the U.S. federal government to create a framework for assessing security risks in open source software.
Open Source Vulnerability Management U.S. Government Memo Requires Self-Attestation to Secure Development Practices U.S. government agencies must now require software suppliers to self-attest that they have adhered to NIST Guidance for secure software development.
Open Source Vulnerability Management How to Implement the CSRB’s Log4j Security Recommendations See guidance for implementing the security recommendations in the CSRB's recent report on the Log4j vulnerability.
Open Source in the News Why Open Source is ESG Leading IP attorney and open source software license compliance expert Heather Meeker explores the connection between ESG investing and OSS.
Software Composition Analysis Highlights from NIST SP 800-161r1: Cybersecurity Supply Chain Risk Management See key themes and insights from NIST SP 800-161r1: “Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations.”
Open Source Vulnerability Management An Overview of Spring RCE Vulnerabilities A pair of critical remote code execution vulnerabilities impacting Spring were disclosed this week.
Software Composition Analysis Building a Sustainable Software Supply Chain OpenChain GM Shane Coughlan discusses indicators of sustainable software and specific steps your organization can take to improve security.
Open Source in the News 5 Highlights from the U.S. Senate’s Log4J Vulnerability Hearing The U.S. Senate's hearing on Log4Shell brought to light new information on the Log4J vulnerability and industry's response to it.
Open Source in the News 6 Takeaways from the Linux Foundation's SBOM Report A new report from the Linux Foundation contains a treasure trove of data on industry attitudes toward SBOMs and software supply chain security.
Open Source in the News Open Source Developer Sabotages npm Libraries ‘Colors,’ ‘Faker’ The developer behind popular npm libraries "Colors" and "Faker" intentionally sabotaged both packages. Here's what to do if your application is impacted.
Open Source License Compliance Q and A: Heather Meeker on AGPL, Truth Social, OSS License Compliance Heather Meeker, one of the world's leading OSS license compliance experts, shares insight on the AGPL and the Truth Social license compliance controversy.
Open Source in the News Does TikTok Live Studio Violate GPL v2? TikTok recently released a limited test of a new live streaming service, TikTok Live Studio, that may be in violation of the GPL v2 open source software license.
Open Source Vulnerability Management How to Quickly Find and Remediate Log4J Vulnerabilities (Log4Shell) See how your organization can quickly identify and remediate Log4J vulnerabilities in your code.
Open Source Vulnerability Management How to Fix the New Log4J DoS Vulnerability: CVE-2021-45105 See the impact of the new Log4J denial of service (DoS) vulnerability, and get guidance on how to fix it.
Inside FOSSA FOSSA Partners with OpenChain to Promote Open Source Management FOSSA has partnered with OpenChain to help organizations build and maintain successful open source software license compliance programs.
Open Source in the News Embedded Malware in NPM: Coa, Rc, Ua-parser Several widely used NPM packages have been struck by malware in recent weeks. Get a deep dive into how the incidents happened and what you can do about them.
Open Source in the News The Massive Implications of Software Freedom Conservancy vs. Vizio The Software Freedom Conservancy's lawsuit against Vizio for alleged GPL violations could have significant ramifications for OSS license enforcement.
Software Composition Analysis 4 Key Elements of Technical Due Diligence Explore key areas of conducting technical due diligence, including auditing third-party software usage and evaluating protections on intellectual property.
Open Source in the News bouk/monkey and the Importance of Knowing Your Dependencies A recent news item involving the bouk/monkey open source program shows why it's so important for organizations to have visibility into their dependencies.
Open Source in the News Stockfish vs. ChessBase and What it Means for GPL v3 Stockfish vs. ChessBase could test several key provisions of GPL v3. Here's our analysis of the case, with input from OSS compliance expert Heather Meeker.
Software Composition Analysis The Minimum Required Elements of a Software Bill of Materials As part of its new cybersecurity executive order, the U.S. Federal government released the minimum required elements for a software bill of materials.
Open Source License Compliance Analyzing the Legal Implications of GitHub Copilot The release of GitHub Copilot raises questions about potential copyright infringement and license compliance issues.
