Software Composition Analysis | Highlights from NIST SP 800-161r1: Cybersecurity Supply Chain Risk Management. See key themes and insights from NIST SP 800-161r1: "Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations."
Open Source Vulnerability Management | An Overview of Spring RCE Vulnerabilities. A pair of critical remote code execution vulnerabilities impacting Spring were disclosed this week.
Software Composition Analysis | Building a Sustainable Software Supply Chain. OpenChain GM Shane Coughlan discusses indicators of sustainable software and specific steps your organization can take to improve security.
Open Source in the News | 5 Highlights from the U.S. Senate's Log4J Vulnerability Hearing. The U.S. Senate's hearing on Log4Shell brought to light new information on the Log4J vulnerability and industry's response to it.
Open Source in the News | 6 Takeaways from the Linux Foundation's SBOM Report. A new report from the Linux Foundation contains a treasure trove of data on industry attitudes toward SBOMs and software supply chain security.
Open Source in the News | Open Source Developer Sabotages npm Libraries "Colors," "Faker". The developer behind popular npm libraries "Colors" and "Faker" intentionally sabotaged both packages. Here's what to do if your application is impacted.
Open Source License Compliance | Q and A: Heather Meeker on AGPL, Truth Social, OSS License Compliance. Heather Meeker, one of the world's leading OSS license compliance experts, shares insight on the AGPL and the Truth Social license compliance controversy.
Open Source in the News | Does TikTok Live Studio Violate GPL v2? TikTok recently released a limited test of a new live streaming service, TikTok Live Studio, that may be in violation of the GPL v2 open source software license.
Open Source Vulnerability Management | How to Quickly Find and Remediate Log4J Vulnerabilities (Log4Shell). See how your organization can quickly identify and remediate Log4J vulnerabilities in your code.
Open Source Vulnerability Management | How to Fix the New Log4J DoS Vulnerability: CVE-2021-45105. See the impact of the new Log4J denial of service (DoS) vulnerability, and get guidance on how to fix it.
Inside FOSSA | FOSSA Partners with OpenChain to Promote Open Source Management. FOSSA has partnered with OpenChain to help organizations build and maintain successful open source software license compliance programs.
Open Source in the News | Embedded Malware in NPM: Coa, Rc, Ua-parser. Several widely used NPM packages have been struck by malware in recent weeks. Get a deep dive into how the incidents happened and what you can do about them.
Open Source in the News | The Massive Implications of Software Freedom Conservancy vs. Vizio. The Software Freedom Conservancy's lawsuit against Vizio for alleged GPL violations could have significant ramifications for OSS license enforcement.
Software Composition Analysis | 4 Key Elements of Technical Due Diligence. Explore key areas of conducting technical due diligence, including auditing third-party software usage and evaluating protections on intellectual property.
Open Source in the News | bouk/monkey and the Importance of Knowing Your Dependencies. A recent news item involving the bouk/monkey open source program shows why it's so important for organizations to have visibility into their dependencies.
Open Source in the News | Stockfish vs. ChessBase and What It Means for GPL v3. Stockfish vs. ChessBase could test several key provisions of GPL v3. Here's our analysis of the case, with input from OSS compliance expert Heather Meeker.
Software Composition Analysis | The Minimum Required Elements of a Software Bill of Materials. As part of its new cybersecurity executive order, the U.S. federal government released the minimum required elements for a software bill of materials.
Open Source License Compliance | Analyzing the Legal Implications of GitHub Copilot. The release of GitHub Copilot raises questions about potential copyright infringement and license compliance issues.
Open Source in the News | Cybersecurity Executive Order and Software Supply Chain Security. See our top takeaways from the software supply chain security section of the Biden Administration's cybersecurity executive order.
Open Source in the News | How OSS Conquered the World: Insight from Veteran Developers. Join FOSSA's Konstantin Gredeskoul and veteran engineer Bryan Cantrill for an informative and entertaining podcast on the growth and history of open source software.
Open Source in the News | 4 Takeaways from the 2021 State of Open Source Vulnerabilities Report. Dive into the latest data on today's open source security landscape, and see which libraries and languages are most vulnerable to attacks.
Open Source in the News | Takeaways from ISO/IEC DIS 5230: OpenChain Specification. Explore key takeaways from ISO/IEC DIS 5230: OpenChain Specification, including steps to becoming an OpenChain Conformant organization.
Open Source in the News | Top Security Takeaways from the 2020 FOSS Contributor Survey. See four top security takeaways from the 2020 FOSS Contributor Survey, which was produced by the Linux Foundation and Harvard's Laboratory for Innovation Science.
Open Source in the News | SolarWinds, Supply Chain Attacks, and Software Composition Analysis. Software supply chain security has been in the spotlight following the SolarWinds hack. Here's how you can strengthen your defenses against such an attack.
Open Source in the News | TikTok, Trump, and the Future of Open Source Surveillance. What could President Trump's executive orders on TikTok mean for other software? And what about policy related to the perceived security of open source? Do you know where your OSS comes from? Should it matter?