Learn about the new features and improvements in CycloneDX 1.7, including new patent-related fields and expanded cryptography support.
FOSSA's new license concluded feature simplifies the process of analyzing multiple declared and discovered licenses associated with a single dependency.
Learn about Common Platform Enumeration (CPE), including its importance to software transparency and the SBOM ecosystem.
Learn about SBOM (software bill of materials) requirements in the FedRAMP Rev5 and the new FedRAMP 20x.
Learn why the Shai-Hulud malware is a significant threat to the npm ecosystem, and see how FOSSA's Impact Assessment Tool can help mitigate the risk.
FOSSA's new Snippet Scanning product helps organizations manage IP legal risks associated with AI coding tools.
See four methods for generating an SBOM — from source code, from an ecosystem-specific tool, from a container, and from a binary file.
Learn about new SBOM (software bill of materials) requirements from SEBI, India's securities and commodities market regulator.
Learn about five lawsuits that have helped shape global enforcement of open source software licenses.
See five important factors to consider when evaluating SBOM tools for your organization in this buyer's guide.
Learn how FOSSA's Dynamic SBOM Sharing feature facilitates the secure exchange of SBOMs between SBOM distributors and consumers.
Learn about FOSSA's Time-Based Ignore Rules, which help teams implement temporary exceptions to security, license compliance, and quality policies.
Learn about FOSSA's new Issue Diffs feature, which makes it easy to compare licensing, security, and quality issues between software versions.
Learn about PURL — the Package URL Specification — including its utility for SBOM management and how it compares to other unique identifiers.
See how FOSSA's hack week projects are already making a difference for our customers.
Introducing FOSSA Package Labels, a way to annotate packages with contextual metadata for more efficient and insightful reporting and filtering.
Learn about slopsquatting, an emerging category of software supply chain risk that can stem from AI coding tools.
FOSSA's new Binary Composition Analysis (BCA) product enables organizations to manage security, license compliance, and SBOMs for binary files.
An analysis of the CERT-In guidelines for building and managing an SBOM program, recommended data fields, automation support, and best practices.
An exploration of the importance of SBOMs in complying with the EU's Digital Operational Resilience Act (DORA), focusing on software tracking and monitoring requirements for financial entities.
Explore the new functionalities of FOSSA for managing SBOMs, vulnerabilities, and open source license compliance, including automated NOTICE file recreation and FDA compliance support.
FOSSA introduces a new business tier tailored for smaller teams, offering flexible pricing and comprehensive features for SBOM, vulnerability management, and license compliance.
Learn about FOSSA's new SBOM policy feature that helps enforce SBOM standards for compliance and security.
The U.S. Army has announced new SBOM requirements for contractors and subcontractors to improve software supply chain security. Learn about the implementation timeline, scope, and how to prepare.
This blog post explores the introduction of SBOM requirements in PCI DSS 4.0, detailing the specific requirements and timelines, and suggesting steps for organizations to prepare for the March 2025 enforcement date.
Explore how the CISA KEV Catalog aids organizations in vulnerability prioritization and learn about its evaluation process.
Discover how Sentry manages software license compliance through policies, processes, and automation using FOSSA's open source management platform.
SPDX 3.0 introduces new profiles for better use case targeting and flexibility. Major upgrades include changes in document structure, profiles, relationships, and creator information.
A detailed comparison of SCA and SAST security tools, highlighting their differences and combined use for enhanced security.
Discover the latest enhancements and features introduced by FOSSA, designed to improve your experience with our platform.
In this episode of The FOSSA Podcast, our senior product manager and a longtime engineer discuss product development's evolution as companies grow, including collaboration, management tools, and growth vs. retention strategies.
Explores the impact of recent U.S. Copyright Office decisions on generative AI, potential risks from open source licensing, and strategies to mitigate IP risk in software development.
The fifth episode of The FOSSA Podcast discusses managing engineering projects with insights from FOSSA’s VP of Engineering and a senior developer.
Explore the differences between FOSSA's deployment models and find the best option for your organization.
A discussion on open source usage and software composition analysis tools to manage OSS license compliance and security risks.
See important criteria for evaluating SBOM tools and picking the best one for your organization.
The third episode of The FOSSA Podcast discusses managing strategic customer relationships, offering guidance on structuring customer success teams and building a company-wide customer-success mindset.
An exploration of open source license compliance in the container ecosystem, discussing key components and compliance strategies.
In the second episode of the FOSSA Engineering Podcast, engineers reflect on early-stage technology choices and offer guidance for developers facing similar decisions.
Explore trends, predictions, and observations on mission-critical open source management, including SBOM data usage, license compliance automation, and more.
FOSSA's podcast explores the adoption of Haskell into its codebase, discussing the reasons and benefits of the functional programming language.
Learn how to authenticate the FOSSA CLI using 1Password's shell plugin for secure and easy integration.
Discover how Applause, led by CTO Rob Mason, leverages FOSSA to optimize open source management, reducing burdens on developers.
This post discusses two high-severity vulnerabilities impacting the OpenSSL 3.0 series, including details on how to find and fix them.
An overview of Text4Shell, a critical remote code execution vulnerability in the Apache Commons Text library.
Explore the Microsoft Public License (Ms-PL), often used in .NET projects, known for its unique place in the open source licensing landscape.
An overview of the Securing Open Source Software Act, its implications for federal agencies, and potential effects on the private sector.
The U.S. federal government’s Office of Management and Budget published a memo requiring software suppliers to self-attest to secure development practices, impacting government and private sector software supply chains.
A discussion with Heather Meeker on pressing issues related to open source software license compliance, featuring key Q&A highlights from a recent webinar.
FOSSA has achieved the Great Place to Work Certification™, showcasing its commitment to a supportive and inclusive work environment.
Recommendations from the CSRB to improve software security concerning the Log4j vulnerability, with a focus on private enterprises.
An overview of the SIL Open Font License (OFL), its versions, and provisions for font software use, modification, and redistribution.
An overview of NIST's updated recommendations for managing cybersecurity risks across supply chains, featuring frameworks and templates for organizations.
Exploration of Software Freedom Conservancy's lawsuit against Vizio and its potential impact on open source license enforcement.
A thorough examination of the Boost Software License, showcasing its similarities to and differences from other permissive licenses.
The CDDL — short for Common Development and Distribution License — is a weak copyleft open source software license initially published by Sun Microsystems.
Explore why Rancher Labs selected FOSSA for open source management, enhancing their development efficiency and security posture.
A review of critical remote code execution vulnerabilities in Spring, highlighting CVE-2022-22965 and CVE-2022-22963, their impact, and mitigation strategies.
Exploring the challenges of scanning C and C++ code and how FOSSA addresses these challenges with their code scanning technology.
Explore how Maven handles dependency versions, including declaring dependencies, overriding them, and utilizing version ranges.
An overview of the U.S. Senate's hearing on the Log4J vulnerability, highlighting key discussions on software security.
A detailed analysis of the Linux Foundation's SBOM report, outlining key insights into software supply chain security.
A discussion on essential DevSecOps tools that help automate software testing and management, enhancing security throughout the software development lifecycle.
Exploring the license compliance concerns surrounding TikTok Live Studio's use of GPL v2-licensed OBS Studio.
Highlights from a webinar with open source licensing expert Heather Meeker discussing AGPL, Truth Social's compliance issues, and Google's AGPL policy.
FOSSA has partnered with OpenChain to support organizations in achieving OpenChain Conformance, promoting compliance with OSS licensing requirements.
Announcing FOSSA's revamped CLI that simplifies integrations with reduced configuration. Discover the new features and improvements.
An overview of the Eclipse Public License, its key provisions, and its compatibility with other licenses.
Explore the essential aspects of technical due diligence, from third-party software usage to intellectual property protections.
Explore common questions related to FOSSA’s SBOM solution including its features, export formats, and security aspects.
Exploring the significance of understanding software dependencies, licenses, and the unusual case of bouk/monkey's license.
Exploring the implementation of Zero Trust through Role-Based Access Control (RBAC) with FOSSA.
Explore best practices for OSS management in the automotive industry to reduce license compliance, security, and quality risks.
FOSSA is recognized as a significant SCA solution in The Forrester Wave™ report, achieving highest scores in license risk management and SBOM criteria.
An exploration of the Stockfish lawsuit against ChessBase, testing the GPL v3 license regarding derivative works and license termination.
An overview of the minimum required elements for a Software Bill of Materials (SBOM) as outlined by the U.S. Federal Government's NTIA.
Explore the potential legal challenges GitHub Copilot faces regarding copyright infringement and license compliance of its code suggestions.
Explore today’s container image security landscape and learn defensive strategies, such as vulnerability scanning and digital signatures, for fending off cyber threats.
An overview of CWE-79: Cross-Site Scripting, a common web vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.
Explore the impact of copyleft licenses on venture capital investments, including insights from IP lawyer Kate Downing and the NVCA Stock Purchase Agreement Model Form.
An overview of the Biden Administration's executive order on cybersecurity and its impact on software supply chain security.
Explore the significance of Software Bill of Materials (SBOM), its formats, use cases, and essential elements crucial for compliance and security in the software supply chain.
Explore how Software Composition Analysis (SCA) helps teams manage open source software vulnerabilities.
Exploring supply chain security risks in the automotive industry and how software composition analysis can mitigate these threats.
Explore the components and staffing necessary for establishing a successful Open Source Program Office to manage and strategize open source software use.
Guidance on choosing the right open source software license compliance tool, covering aspects such as scanning, automation, integration, issue management, and reporting.
An analysis of the 2021 State of Open Source Vulnerabilities report, highlighting frequent targets like Java and JavaScript, common issues such as poor input validation, and vulnerable libraries.
Explore strategies for maximizing open source software benefits while ensuring compliance and security.
Explore how UiPath reduces open source risk through collaboration between engineering, compliance, and security teams.
Discover how Software Composition Analysis (SCA) helps you manage and reduce risks associated with open source components in your software.
Discover how Zendesk's legal team improved open source compliance with the help of FOSSA, optimizing workflows and reducing time spent on compliance processes.
FOSSA has achieved SOC 2 Type 2 compliance, reaffirming its commitment to the highest standards of security and data protection.
Heather Meeker shares insights on open source software licensing and the role of automation in managing license notices.