Software Composition Analysis Understanding and Using SPDX License Identifiers and License Expressions Learn about SPDX License Identifiers and License Expressions, and see how you can use them to communicate licensing information in an SBOM.
Open Source Vulnerability Management 5 Ways SBOMs Can Strengthen Security See five ways SBOMs can improve security, including enhanced visibility into vulnerabilities and support for remediation.
Open Source Vulnerability Management Vulnerability Remediation Tactics Explore strategies for remediating vulnerabilities in third-party software components, including pros and cons for each.
Open Source Vulnerability Management VEX (Vulnerability Exploitability eXchange): Purpose and Use Cases Learn about VEX (Vulnerability Exploitability eXchange), which is used to communicate whether vulnerabilities impacting software products are actually exploitable.
Open Source Vulnerability Management How to Operationalize SBOMs Throughout the SDLC Explore best practices for getting value from software bill of materials (SBOM) data throughout the software development lifecycle.
Open Source Vulnerability Management OpenSSL Vulnerability 2022: Details and Fixes Two new high-severity vulnerabilities impacting OpenSSL have been disclosed. Here's what we know about the issues and how to address them.
Open Source in the News CVE-2022-42889 Text4Shell Vulnerability: Impact and Fixes See important details on the Text4Shell vulnerability, including affected versions, how it compares to Log4Shell, and how to identify and remediate it.
Open Source in the News Analyzing the Securing Open Source Software Act A new piece of proposed legislation would direct the U.S. federal government to create a framework for assessing security risks in open source software.
Open Source Vulnerability Management U.S. Government Memo Requires Self-Attestation to Secure Development Practices U.S. government agencies must now require software suppliers to self-attest that they have adhered to NIST Guidance for secure software development.
Open Source Vulnerability Management A Practical Guide to the SLSA Framework SLSA is a Google-created framework designed to help organizations improve the integrity of their software supply chains.
Open Source Vulnerability Management How to Implement the CSRB’s Log4j Security Recommendations See guidance for implementing the security recommendations in the CSRB's recent report on the Log4j vulnerability.
Inside FOSSA Announcing the Private Beta of FOSSA Risk Intelligence We're excited to announce the private beta of FOSSA Risk Intelligence, which will help users harden their software supply chains.
Open Source Vulnerability Management Understanding and Preventing Dependency Confusion Attacks Dependency confusion exploits rely on a quirk in certain package managers. See how these attacks can happen, and get guidance on preventing them.
Open Source Vulnerability Management An Overview of Spring RCE Vulnerabilities A pair of critical remote code execution vulnerabilities impacting Spring were disclosed this week.
Developer Perspectives The Three Pillars of Reproducible Builds Explore three key principles of designing reproducible builds: repeatable builds, immutable environments, and source availability.
Open Source in the News 5 Highlights from the U.S. Senate’s Log4J Vulnerability Hearing The U.S. Senate's hearing on Log4Shell brought to light new information on the Log4J vulnerability and industry's response to it.
Open Source Vulnerability Management React Security: How to Fix Common Vulnerabilities Explore several common vulnerabilities that impact React component libraries and see how to remediate them.
Open Source Vulnerability Management How to Quickly Find and Remediate Log4J Vulnerabilities (Log4Shell) See how your organization can quickly identify and remediate Log4J vulnerabilities in your code.
Open Source Vulnerability Management How to Fix the New Log4J DoS Vulnerability: CVE-2021-45105 See the impact of the new Log4J denial of service (DoS) vulnerability, and get guidance on how to fix it.
Open Source Vulnerability Management Log4J "Log4Shell" Zero-Day Vulnerability: Impact and Fixes A critical vulnerability has been discovered in Apache Log4J, the popular java open source logging library. Here's what happened and how to fix it.
Open Source Vulnerability Management DevSecOps 101: Understanding and Implementing DevSecOps Principles See how DevSecOps principles can make software development more secure, and discover strategies for an effective DevSecOps implementation.
Open Source in the News Embedded Malware in NPM: Coa, Rc, Ua-parser Several widely used NPM packages have been struck by malware in recent weeks. Get a deep dive into how the incidents happened and what you can do about them.
Open Source Vulnerability Management Anatomy of a Software Supply Chain Attack Software supply chain attacks are an increasingly common and dangerous type of cyberattack. Here's how to defend against them.
Open Source Vulnerability Management Container Image Security and Vulnerability Scanning Get an overview of today's container image security landscape, including common attack vectors and the importance of vulnerability scanning.
Open Source Vulnerability Management All About CWE-79: Cross-Site Scripting CWE-79: Cross Site Scripting (XSS) is one of today's most commonly found vulnerabilities. Here's a look at different types of XSS attacks and how to stop them.
