Open Source Vulnerability Management The Role of SBOMs in Managing DORA Compliance See why SBOMs play an important role in compliance with DORA, a European Union cybersecurity regulation for financial organizations.
Open Source Vulnerability Management A Proposal for the Future of SBOM Minimum Elements See proposed changes to the current list of NTIA SBOM minimum elements, including the addition of several new data fields.
Open Source Vulnerability Management Understanding SBOM Requirements in PCI DSS A new provision in PCI DSS 4.0 will require certain organizations to create and maintain SBOMs to help facilitate vulnerability management.
Open Source Vulnerability Management Defining SBOM Requirements for Software Suppliers See important considerations and recommendations for requesting SBOMs (software bill of materials) from software suppliers.
Software Composition Analysis SPDX 3.0 Is Released See what's new in SPDX v3.0, such as the introduction of use case-specific profiles and increased flexibility.
Open Source Vulnerability Management What’s New in CycloneDX 1.6? CycloneDX 1.6, the newest version of the popular bill of material specification, was released this week.
Open Source Vulnerability Management SBOM Formats Explained and Compared Learn about the similarities and differences between popular SBOM (software bill of materials) formats like CycloneDX and SPDX.
Open Source Vulnerability Management Complying with the FDA’s SBOM Requirements The FDA now requires medical device manufacturers to submit an SBOM (software bill of materials) as part of the premarket review process.
Software Composition Analysis SCA vs. SAST: Comparing Security Tools SCA and SAST both support security use cases, but there are some significant differences between the tools.
Software Composition Analysis SBOM Examples, Explained See two SBOM examples, including practical explanations for data fields and document sections.
Software Composition Analysis Understanding and Using SPDX License Identifiers and License Expressions Learn about SPDX License Identifiers and License Expressions, and see how you can use them to communicate licensing information in an SBOM.
Open Source Vulnerability Management 5 Ways an SBOM Can Strengthen Security See five ways SBOMs can improve security, including enhanced visibility into vulnerabilities and support for remediation.
Software Composition Analysis What’s New in CycloneDX 1.5? A new version of the CycloneDX bill of materials specification has been released. See what's new in CycloneDX v1.5.
Open Source Vulnerability Management VEX (Vulnerability Exploitability eXchange): Purpose and Use Cases Learn about VEX (Vulnerability Exploitability eXchange), which is used to communicate whether vulnerabilities impacting software products are actually exploitable.
Software Composition Analysis The FOSSA Podcast: SCA Purchasing and Implementation Trends Episode 4 of The FOSSA Podcast discusses how organizations are evaluating SCA tools along with important factors in a successful implementation.
Software Composition Analysis A Framework for Evaluating SBOM Tools Customizability, ease of use, and support for CycloneDX and SPDX are among the most important features of a best-in-class SBOM tool.
Open Source in the News 2023 Open Source Management Trends, Predictions, and Observations In 2023, we expect organizations to prioritize using SBOM data, automating open source license compliance, and maintaining visibility into software composition.
Software Composition Analysis How Applause Makes Open Source Management Work for Developers See how Applause has built developer-friendly open source license compliance and security programs with a significant assist from FOSSA.
Software Composition Analysis Highlights from NIST SP 800-161r1: Cybersecurity Supply Chain Risk Management See key themes and insights from NIST SP 800-161r1: “Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations.”
Software Composition Analysis Best Practices for Implementing Software Composition Analysis, Featuring Rancher Labs Rancher Labs Senior Engineering Manager Hayden Barnes shares four strategies to help ensure a successful software composition analysis implementation.
Software Composition Analysis 4 Reasons Rancher Labs Chose FOSSA See why Kubernetes management company Rancher Labs (part of SUSE) chose FOSSA to reduce open source license compliance and vulnerability risk.
Software Composition Analysis Building a Sustainable Software Supply Chain OpenChain GM Shane Coughlan discusses indicators of sustainable software and specific steps your organization can take to improve security.
Inside FOSSA Announcing New Support for C/C++ Scanning, SBOMs FOSSA has released new features that enable C/C++ dependency scanning and make it easier for organizations to generate SBOMs.
Software Composition Analysis How FOSSA Addresses Challenges Scanning C/C++ Code Get an overview of challenges with scanning and identifying dependencies in C/C++ code, and see how FOSSA addresses these issues.
Open Source in the News 6 Takeaways from the Linux Foundation's SBOM Report A new report from the Linux Foundation contains a treasure trove of data on industry attitudes toward SBOMs and software supply chain security.