Open Source License Compliance Heather Meeker on Open Source License Compliance Tools Leading OSS licensing expert Heather Meeker shares guidance to help organizations evaluate new compliance tools and get more value from existing ones.
Open Source License Compliance Customer Q&A: Collibra's Journey to Scaling OSS License Compliance Amanda Weare, Collibra’s VP and Deputy General Counsel, discusses her experience managing Collibra's open source license compliance program.
Inside FOSSA Enable Global Visibility and Swift Remediation with Package Index Package Index offers comprehensive visibility into your software supply chain, making it much easier to find a specific package or vulnerability.
Open Source in the News 4 Takeaways from the ESF’s OSS and SBOM Management Recommendations A new publication from the Enduring Security Framework (ESF) working group includes recommendations to help organizations manage SBOMs and OSS-related risks.
Inside FOSSA Reduce Alert Fatigue with FOSSA’s Auto-Ignore Rules Explore the recently launched auto-ignore feature, which streamlines issue resolution across multiple projects and package versions.
Open Source Vulnerability Management Terrapin (CVE-2023-48795): New Attack Impacts the SSH Protocol The recently announced Terrapin attack (CVE-2023-48795) impacts the popular SSH protocol. Here’s what you need to know about the vulnerability.
Software Composition Analysis SCA vs. SAST: Comparing Security Tools SCA and SAST both support security use cases, but there are some significant differences between the tools.
Open Source License Compliance Dual-Licensing Models Explained, Featuring Heather Meeker Dual licensing is when software is offered under a choice between licenses, or when multiple licenses must be applied simultaneously.
Open Source License Compliance A Comprehensive Guide to Source-Available Software Licenses, Featuring Heather Meeker Leading software licensing expert Heather Meeker discusses source-available software licenses, including their key provisions and requirements.
Open Source Vulnerability Management Understanding and Using the EPSS Scoring System EPSS (Exploit Prediction Scoring System) measures how likely a vulnerability is to be exploited in the wild.
Open Source Vulnerability Management Best Practices for Generating High-Quality SBOMs The more accurate and comprehensive an SBOM is, the more valuable it will be. See considerations and strategies for generating high-quality SBOMs in your organization.
Open Source Vulnerability Management Curl Vulnerabilities: Impact and Fixes (Curl 8.4.0) New vulnerabilities impacting the popular Curl command line tool and library were disclosed on Oct. 11. See details and fixes.
Open Source License Compliance 5 Ways to Reduce GitHub Copilot Security and Legal Risks See how to manage the potential security, legal, privacy, and maintainability risks that can come with using AI coding tools.
Open Source License Compliance Snippet Scanning, Explained Get an overview of snippet scanning, including its purpose and how it works, and learn about FOSSA's approach.
Software Composition Analysis SBOM Examples, Explained See two SBOM examples, including practical explanations for data fields and document sections.
Software Composition Analysis Understanding and Using SPDX License Identifiers and License Expressions Learn about SPDX License Identifiers and License Expressions, and see how you can use them to communicate licensing information in an SBOM.
Open Source License Compliance Business Source License (BSL 1.1): Requirements, Provisions, and History See key requirements and provisions in the Business Source License (BSL), a middle ground of sorts between open source and end-user licenses.
Open Source Vulnerability Management 5 Ways SBOM Can Strengthen Security See five ways SBOMs can improve security, including enhanced visibility into vulnerabilities and support for remediation.
Inside FOSSA FOSSA Product Updates: August 2023 Get an overview of additions and improvements to the FOSSA platform, including Jira enhancements and auto-ignore rules.
Developer Perspectives Direct Dependencies vs. Transitive Dependencies See the difference between direct dependencies and transitive dependencies, including example dependency graphs.
Software Composition Analysis An Early Look at SPDX 3.0 See what to expect with the upcoming release of SPDX v3.0, such as the introduction of use case-specific profiles and increased flexibility.
Open Source Vulnerability Management Vulnerability Remediation Tactics Explore strategies for remediating vulnerabilities in third-party software components, including pros and cons for each.
Software Composition Analysis What’s New in CycloneDX 1.5? A new version of the CycloneDX bill of materials specification has been released. See what's new in CycloneDX v1.5.
Open Source Vulnerability Management VEX (Vulnerability Exploitability eXchange): Purpose and Use Cases Learn about VEX (Vulnerability Exploitability eXchange), which is used to communicate whether vulnerabilities impacting software products are actually exploitable.
Inside FOSSA The FOSSA Podcast: Product Management from Startup to Enterprise The FOSSA Podcast covers engineering-product team collaboration (and friction), product management tools, when to hire your first PM, and more.
Open Source in the News Generative AI and Software Development: Copyright Law and License Compliance See important copyright law and open source license compliance considerations when using generative AI in software development.
Developer Perspectives The FOSSA Podcast: Managing Engineering Projects This episode of The FOSSA Podcast discusses managing engineering projects, including scaling teams, measuring success, and delegating work.