Open Source in the News 4 Takeaways from the ESF’s OSS and SBOM Management Recommendations A new publication from the Enduring Security Framework (ESF) working group includes recommendations to help organizations manage SBOMs and OSS-related risks.
Open Source Vulnerability Management Terrapin (CVE-2023-48795): New Attack Impacts the SSH Protocol The recently announced Terrapin attack (CVE-2023-48795) impacts the popular SSH protocol. Here’s what you need to know about the vulnerability.
Open Source Vulnerability Management Understanding and Using the EPSS Scoring System EPSS (Exploit Prediction Scoring System) measures how likely a vulnerability is to be exploited in the wild.
Open Source Vulnerability Management Best Practices for Generating High-Quality SBOMs The more accurate and comprehensive an SBOM is, the more valuable it will be. See considerations and strategies for generating high-quality SBOMs in your organization.
Software Composition Analysis SBOM Examples, Explained See two SBOM examples, including practical explanations for data fields and document sections.
Software Composition Analysis Understanding and Using SPDX License Identifiers and License Expressions Learn about SPDX License Identifiers and License Expressions, and see how you can use them to communicate licensing information in an SBOM.
Open Source Vulnerability Management 5 Ways SBOM Can Strengthen Security See five ways SBOMs can improve security, including enhanced visibility into vulnerabilities and support for remediation.
