New integration between FOSSA and New Relic provides end-to-end visibility and actionable insights for developers to manage software supply chain security efficiently.
Organizations are successfully generating SBOMs for security, regulatory compliance, and business reasons, but struggle with their distribution.
An overview of the CISA Stakeholder-Specific Vulnerability Categorization (SSVC) model, focusing on its decision-making framework to categorize and prioritize vulnerabilities based on unique organizational risk profiles.
This blog post explores the introduction of SBOM requirements in PCI DSS 4.0, detailing the specific requirements and timelines, and suggesting steps for organizations to prepare for the March 2025 enforcement date.
FOSSA's free plan now includes security, license compliance, and SBOM management for up to 25 developers and 5 projects.
An overview of a significant supply chain attack on the Polyfill CDN service, including its background, impact, and mitigation strategies.
Explore how the CISA KEV Catalog aids organizations in vulnerability prioritization and learn about its evaluation process.
A new vulnerability impacting XZ Utils, with a CVSS severity score of 10, brings potential remote code execution risks.
Explore how FOSSA’s Package Index enhances software supply chain visibility, enabling swift vulnerability detection and remediation.
A detailed comparison of SCA and SAST security tools, highlighting their differences and combined use for enhanced security.
Explore how a software bill of materials (SBOM) can enhance your organization's security by providing visibility into open source vulnerabilities, improving software supply chain transparency, enabling VEX, supporting vulnerability remediation, and flagging high-risk components.
Explore strategies for addressing vulnerabilities in third-party components, including patching and upgrading methods.
A discussion on open source usage and software composition analysis tools to manage OSS license compliance and security risks.
FOSSA announces the general availability of its security and license scanning for C and C++ projects, offering tailored solutions for dependency identification.
This post discusses two high-severity vulnerabilities impacting OpenSSL versions 3.0 and later, including details on how to find and fix them.
A critical remote code execution vulnerability called Text4Shell impacting the Apache Commons Text library.
An overview of the Securing Open Source Software Act, its implications for federal agencies, and potential effects on the private sector.
Recommendations from the CSRB to improve software security concerning the Log4j vulnerability, with a focus on private enterprises.
Introducing FOSSA Risk Intelligence, a private beta add-on to enhance software supply chain security by addressing risks like stale packages, abandonware, and more.
A review of critical remote code execution vulnerabilities in Spring, highlighting CVE-2022-22965 and CVE-2022-22963, their impact, and mitigation strategies.
Exploring strategies to enhance software supply chain security through sustainability practices.
Exploring the guiding principles of reproducible builds to strengthen software supply chain security.
Learn about the common security vulnerabilities in React and best practices to prevent them.
Explore detection and remediation strategies for Log4J vulnerabilities, including Log4Shell, using FOSSA's CLI.
Discover the critical CVE-2021-44228 vulnerability in Apache Log4J affecting many applications and how to mitigate it.
Explore the principles of DevSecOps, a natural extension of DevOps, focusing on integrating security testing throughout the software development lifecycle.
A significant rise in NPM packages with embedded malware has been reported, affecting popular packages like coa, rc, and ua-parser. This raises serious concerns over the ecosystem's security.
Announcing the availability of FOSSA Container Scanning, a tool that helps identify vulnerabilities and license risks in container images.
An overview of CWE-79: Cross-Site Scripting, a common web vulnerability that allows attackers to inject malicious code into web applications.
An overview of the Biden Administration's executive order on cybersecurity and its impact on software supply chain security.
Exploring the essential features of an effective Software Composition Analysis (SCA) solution through insights from IT Central Station members.
Discover key security insights from the 2020 FOSS Contributor Survey and explore actionable recommendations for open source project owners.
Announcing the launch of FOSSA Security Management, empowering enterprises to prevent vulnerabilities proactively and continuously.