
Open Source in the News

A collection of 26 posts

Software Composition Analysis

Highlights from NIST SP 800-161r1: Cybersecurity Supply Chain Risk Management

See key themes and insights from NIST SP 800-161r1: “Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations.”

  • FOSSA Editorial Team
6 min read
Open Source Vulnerability Management

An Overview of Spring RCE Vulnerabilities

A pair of critical remote code execution vulnerabilities impacting Spring were disclosed this week.

  • FOSSA Editorial Team
3 min read
Software Composition Analysis

Building a Sustainable Software Supply Chain

OpenChain GM Shane Coughlan discusses indicators of sustainable software and specific steps your organization can take to improve security.

  • Shane Coughlan
10 min read
Open Source in the News

5 Highlights from the U.S. Senate’s Log4J Vulnerability Hearing

The U.S. Senate's hearing on Log4Shell brought to light new information on the Log4J vulnerability and industry's response to it.

  • FOSSA Editorial Team
7 min read
Open Source in the News

6 Takeaways from the Linux Foundation's SBOM Report

A new report from the Linux Foundation contains a treasure trove of data on industry attitudes toward SBOMs and software supply chain security.

  • FOSSA Editorial Team
5 min read
Open Source in the News

Open Source Developer Sabotages npm Libraries ‘Colors,’ ‘Faker’

The developer behind popular npm libraries "Colors" and "Faker" intentionally sabotaged both packages. Here's what to do if your application is impacted.

  • FOSSA Editorial Team
3 min read
Open Source License Compliance

Q and A: Heather Meeker on AGPL, Truth Social, OSS License Compliance

Heather Meeker, one of the world's leading OSS license compliance experts, shares insight on the AGPL and the Truth Social license compliance controversy.

  • FOSSA Editorial Team
4 min read
Open Source in the News

Does TikTok Live Studio Violate GPL v2?

TikTok recently released a limited test of a new live streaming service, TikTok Live Studio, that may be in violation of the GPL v2 open source software license.

  • FOSSA Editorial Team
4 min read
Open Source Vulnerability Management

How to Quickly Find and Remediate Log4J Vulnerabilities (Log4Shell)

See how your organization can quickly identify and remediate Log4J vulnerabilities in your code.

  • Solomon Rubin
3 min read
Open Source Vulnerability Management

How to Fix the New Log4J DoS Vulnerability: CVE-2021-45105

See the impact of the new Log4J denial of service (DoS) vulnerability, and get guidance on how to fix it.

  • Solomon Rubin
2 min read
Inside FOSSA

FOSSA Partners with OpenChain to Promote Open Source Management

FOSSA has partnered with OpenChain to help organizations build and maintain successful open source software license compliance programs.

  • FOSSA Editorial Team
2 min read
Open Source in the News

Embedded Malware in NPM: Coa, Rc, Ua-parser

Several widely used NPM packages have been struck by malware in recent weeks. Get a deep dive into how the incidents happened and what you can do about them.

  • Gauthami Polasani
  • Solomon Rubin
4 min read
Open Source in the News

The Massive Implications of Software Freedom Conservancy vs. Vizio

The Software Freedom Conservancy's lawsuit against Vizio for alleged GPL violations could have significant ramifications for OSS license enforcement.

  • FOSSA Editorial Team
6 min read
Software Composition Analysis

4 Key Elements of Technical Due Diligence

Explore key areas of conducting technical due diligence, including auditing third-party software usage and evaluating protections on intellectual property.

  • FOSSA Editorial Team
5 min read
Open Source in the News

bouk/monkey and the Importance of Knowing Your Dependencies

A recent news item involving the bouk/monkey open source program shows why it's so important for organizations to have visibility into their dependencies.

  • FOSSA Editorial Team
4 min read
Open Source in the News

Stockfish vs. ChessBase and What it Means for GPL v3

Stockfish vs. ChessBase could test several key provisions of GPL v3. Here's our analysis of the case, with input from OSS compliance expert Heather Meeker.

  • FOSSA Editorial Team
5 min read
Software Composition Analysis

The Minimum Required Elements of a Software Bill of Materials

As part of its new cybersecurity executive order, the U.S. Federal government released the minimum required elements for a software bill of materials.

  • FOSSA Editorial Team
5 min read
Open Source License Compliance

Analyzing the Legal Implications of GitHub Copilot

The release of GitHub Copilot raises questions about potential copyright infringement and license compliance issues.

  • FOSSA Editorial Team
5 min read
Open Source in the News

Cybersecurity Executive Order and Software Supply Chain Security

See our top takeaways from the software supply chain security section of the Biden Administration's cybersecurity executive order.

  • FOSSA Editorial Team
5 min read
Open Source in the News

How OSS Conquered the World: Insight from Veteran Developers

Join FOSSA's Konstantin Gredeskoul and veteran engineer Bryan Cantrill for an informative and entertaining podcast on the growth and history of open source software.

  • Konstantin Gredeskoul
2 min read
Open Source in the News

4 Takeaways from the 2021 State of Open Source Vulnerabilities Report

Dive into the latest data on today's open source security landscape, and see which libraries and languages are most vulnerable to attacks.

  • FOSSA Editorial Team
2 min read
Open Source in the News

Takeaways from ISO/IEC DIS 5230: OpenChain Specification

Explore key takeaways from ISO/IEC DIS 5230: OpenChain Specification, including steps to becoming an OpenChain Conformant organization.

  • FOSSA Editorial Team
4 min read
Open Source in the News

Top Security Takeaways from the 2020 FOSS Contributor Survey

See four top security takeaways from the 2020 FOSS Contributor Survey, which was produced by the Linux Foundation and Harvard's Laboratory for Innovation Science.

  • FOSSA Editorial Team
5 min read
Open Source in the News

SolarWinds, Supply Chain Attacks, and Software Composition Analysis

Software supply chain security has been in the spotlight following the SolarWinds hack. Here's how you can strengthen your defenses against such an attack.

  • FOSSA Editorial Team
7 min read
Open Source in the News

TikTok, Trump, and the Future of Open Source Surveillance

What could President Trump’s executive orders on TikTok mean for other software? And what about policy related to the perceived security of open source? Do you know where your OSS comes from? Should it matter?

  • Ryan Goldman
6 min read
  • For the Love of Open Source © 2021 FOSSA, Inc.