[Open Source License Compliance] Customer Q&A: Collibra's Journey to Scaling OSS License Compliance
Amanda Weare, Collibra’s VP and Deputy General Counsel, discusses her experience managing Collibra's open source license compliance program.

[Open Source Vulnerability Management] A Practical Guide to the SLSA Framework
SLSA is a Google-created framework designed to help organizations improve the integrity of their software supply chains.

[Open Source Vulnerability Management] How to Implement the CSRB’s Log4j Security Recommendations
See guidance for implementing the security recommendations in the CSRB's recent report on the Log4j vulnerability.

[Developer Perspectives] Rust: How to Transform a Byte Stream for Fun and Profit
Here's one way to think about Rust readers that plays nicely with the way Rust programmers naturally think about streaming values.

[Open Source in the News] Why Open Source is ESG
Leading IP attorney and open source software license compliance expert Heather Meeker explores the connection between ESG investing and OSS.

[Inside FOSSA] Announcing the Private Beta of FOSSA Risk Intelligence
We're excited to announce the private beta of FOSSA Risk Intelligence, which will help users harden their software supply chains.

[Open Source License Compliance] Open Source Licenses 101: SIL Open Font License (OFL)
The SIL Open Font License is an open source license designed for fonts and related software. Explore the license's notable requirements and provisions.

[Open Source License Compliance] How to Build an Open Source License Compliance Program, Featuring Jim Markwith
Technology and transactions attorney Jim Markwith (JD/MBA) lists several key ingredients of a successful open source license compliance program.

[Open Source Vulnerability Management] Understanding and Preventing Dependency Confusion Attacks
Dependency confusion exploits rely on a quirk in certain package managers. See how these attacks can happen, and get guidance on preventing them.

[Software Composition Analysis] Highlights from NIST SP 800-161r1: Cybersecurity Supply Chain Risk Management
See key themes and insights from NIST SP 800-161r1: “Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations.”

[Open Source in the News] The Massive Implications of Software Freedom Conservancy vs. Vizio
The Software Freedom Conservancy's lawsuit against Vizio for alleged GPL violations could have significant ramifications for OSS license enforcement.

[Open Source License Compliance] Open Source Licenses 101: Boost Software License
Get an overview of the Boost Software License, including key requirements and permissions, and see how it compares to other permissive licenses.

[Open Source License Compliance] Open Source Licenses 101: The CDDL (Common Development and Distribution License)
Get an overview of the CDDL (Common Development and Distribution License), including requirements and comparisons to other weak copyleft licenses.

[Software Composition Analysis] Best Practices for Implementing Software Composition Analysis, Featuring Rancher Labs
Rancher Labs Senior Engineering Manager Hayden Barnes shares four strategies to help ensure a successful software composition analysis implementation.

[Software Composition Analysis] 4 Reasons Rancher Labs Chose FOSSA
See why Kubernetes management company Rancher Labs (part of SUSE) chose FOSSA to reduce open source license compliance and vulnerability risk.

[Open Source Vulnerability Management] An Overview of Spring RCE Vulnerabilities
A pair of critical remote code execution vulnerabilities impacting Spring were disclosed this week.

[Software Composition Analysis] Building a Sustainable Software Supply Chain
OpenChain GM Shane Coughlan discusses indicators of sustainable software and specific steps your organization can take to improve security.

[Inside FOSSA] Announcing New Support for C/C++ Scanning, SBOMs
FOSSA has released new features that enable C/C++ dependency scanning and make it easier for organizations to generate SBOMs.

[Software Composition Analysis] How FOSSA Addresses Challenges Scanning C/C++ Code
Get an overview of challenges with scanning and identifying dependencies in C/C++ code, and see how FOSSA addresses these issues.

[Developer Perspectives] The Three Pillars of Reproducible Builds
Explore three key principles of designing reproducible builds: repeatable builds, immutable environments, and source availability.

[Developer Perspectives] Overriding Dependency Versions and Using Version Ranges in Maven
Get step-by-step guidance on managing dependencies in Maven: declaring dependencies, overriding dependency versions, and using version ranges.

[Open Source in the News] 5 Highlights from the U.S. Senate’s Log4J Vulnerability Hearing
The U.S. Senate's hearing on Log4Shell brought to light new information on the Log4J vulnerability and industry's response to it.

[Open Source in the News] 6 Takeaways from the Linux Foundation's SBOM Report
A new report from the Linux Foundation contains a treasure trove of data on industry attitudes toward SBOMs and software supply chain security.

[Open Source Vulnerability Management] React Security: How to Fix Common Vulnerabilities
Explore several common vulnerabilities that impact React component libraries and see how to remediate them.

[Open Source License Compliance] OSS License Compliance Expert Heather Meeker on the AGPL
Heather Meeker, one of the world's foremost experts on open source license compliance, discusses the AGPL and its provisions covering network deployment.