
Open Source in the News

A collection of 33 posts

Open Source License Compliance

Complying with GPL v3’s User Product Clause

Explore strategies for complying with the GPL v3 software license's User Product clause.

  • Chris Stevenson
5 min read
Open Source Vulnerability Management

OpenSSL Vulnerability 2022: Details and Fixes

Two new high-severity vulnerabilities impacting OpenSSL have been disclosed. Here's what we know about the issues and how to address them.

  • FOSSA Editorial Team
2 min read
Open Source in the News

CVE-2022-42889 Text4Shell Vulnerability: Impact and Fixes

See important details on the Text4Shell vulnerability, including affected versions, how it compares to Log4Shell, and how to identify and remediate it.

  • FOSSA Editorial Team
3 min read
Open Source in the News

Analyzing the Securing Open Source Software Act

A new piece of proposed legislation would direct the U.S. federal government to create a framework for assessing security risks in open source software.

  • FOSSA Editorial Team
4 min read
Open Source Vulnerability Management

U.S. Government Memo Requires Self-Attestation to Secure Development Practices

U.S. government agencies must now require software suppliers to self-attest that they have adhered to NIST Guidance for secure software development.

  • FOSSA Editorial Team
4 min read
Open Source Vulnerability Management

How to Implement the CSRB’s Log4j Security Recommendations

See guidance for implementing the security recommendations in the CSRB's recent report on the Log4j vulnerability.

  • FOSSA Editorial Team
7 min read
Open Source in the News

Why Open Source is ESG

Leading IP attorney and open source software license compliance expert Heather Meeker explores the connection between ESG investing and OSS.

  • Heather Meeker
5 min read
Software Composition Analysis

Highlights from NIST SP 800-161r1: Cybersecurity Supply Chain Risk Management

See key themes and insights from NIST SP 800-161r1: “Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations.”

  • FOSSA Editorial Team
6 min read
Open Source Vulnerability Management

An Overview of Spring RCE Vulnerabilities

A pair of critical remote code execution vulnerabilities impacting Spring were disclosed this week.

  • FOSSA Editorial Team
3 min read
Software Composition Analysis

Building a Sustainable Software Supply Chain

OpenChain GM Shane Coughlan discusses indicators of sustainable software and specific steps your organization can take to improve security.

  • Shane Coughlan
10 min read
Open Source in the News

5 Highlights from the U.S. Senate’s Log4J Vulnerability Hearing

The U.S. Senate's hearing on Log4Shell brought to light new information on the Log4J vulnerability and industry's response to it.

  • FOSSA Editorial Team
7 min read
Open Source in the News

6 Takeaways from the Linux Foundation's SBOM Report

A new report from the Linux Foundation contains a treasure trove of data on industry attitudes toward SBOMs and software supply chain security.

  • FOSSA Editorial Team
5 min read
Open Source in the News

Open Source Developer Sabotages npm Libraries ‘Colors,’ ‘Faker’

The developer behind popular npm libraries "Colors" and "Faker" intentionally sabotaged both packages. Here's what to do if your application is impacted.

  • FOSSA Editorial Team
3 min read
Open Source License Compliance

Q and A: Heather Meeker on AGPL, Truth Social, OSS License Compliance

Heather Meeker, one of the world's leading OSS license compliance experts, shares insight on the AGPL and the Truth Social license compliance controversy.

  • FOSSA Editorial Team
4 min read
Open Source in the News

Does TikTok Live Studio Violate GPL v2?

TikTok recently released a limited test of a new live streaming service, TikTok Live Studio, that may be in violation of the GPL v2 open source software license.

  • FOSSA Editorial Team
4 min read
Open Source Vulnerability Management

How to Quickly Find and Remediate Log4J Vulnerabilities (Log4Shell)

See how your organization can quickly identify and remediate Log4J vulnerabilities in your code.

  • Solomon Rubin
3 min read
Open Source Vulnerability Management

How to Fix the New Log4J DoS Vulnerability: CVE-2021-45105

See the impact of the new Log4J denial of service (DoS) vulnerability, and get guidance on how to fix it.

  • Solomon Rubin
2 min read
Inside FOSSA

FOSSA Partners with OpenChain to Promote Open Source Management

FOSSA has partnered with OpenChain to help organizations build and maintain successful open source software license compliance programs.

  • FOSSA Editorial Team
2 min read
Open Source in the News

Embedded Malware in NPM: Coa, Rc, Ua-parser

Several widely used NPM packages have been struck by malware in recent weeks. Get a deep dive into how the incidents happened and what you can do about them.

  • Gauthami Polasani
  • Solomon Rubin
4 min read
Open Source in the News

The Massive Implications of Software Freedom Conservancy vs. Vizio

The Software Freedom Conservancy's lawsuit against Vizio for alleged GPL violations could have significant ramifications for OSS license enforcement.

  • FOSSA Editorial Team
6 min read
Software Composition Analysis

4 Key Elements of Technical Due Diligence

Explore key areas of conducting technical due diligence, including auditing third-party software usage and evaluating protections on intellectual property.

  • FOSSA Editorial Team
5 min read
Open Source in the News

bouk/monkey and the Importance of Knowing Your Dependencies

A recent news item involving the bouk/monkey open source program shows why it's so important for organizations to have visibility into their dependencies.

  • FOSSA Editorial Team
4 min read
Open Source in the News

Stockfish vs. ChessBase and What it Means for GPL v3

Stockfish vs. ChessBase could test several key provisions of GPL v3. Here's our analysis of the case, with input from OSS compliance expert Heather Meeker.

  • FOSSA Editorial Team
5 min read
Software Composition Analysis

The Minimum Required Elements of a Software Bill of Materials

As part of its new cybersecurity executive order, the U.S. Federal government released the minimum required elements for a software bill of materials.

  • FOSSA Editorial Team
5 min read
Open Source License Compliance

Analyzing the Legal Implications of GitHub Copilot

The release of GitHub Copilot raises questions about potential copyright infringement and license compliance issues.

  • FOSSA Editorial Team
6 min read
  • For the Love of Open Source © 2023 FOSSA, Inc.