Learn about the new features and improvements in CycloneDX 1.6, including Cryptographic BOM, Attestation support, and Machine Learning BOM enhancements.| fossa.com
An overview of the Eclipse Public License, its key provisions, and its compatibility with other licenses.| fossa.com
Explore the potential legal challenges GitHub Copilot faces regarding copyright infringement and license compliance of its code suggestions.| fossa.com
Explore FOSSA Quality's tools for assessing and improving the health of your software's open source components.| fossa.com
See five important factors to consider when evaluating SBOM tools for your organization in this buyer's guide.| fossa.com
A comprehensive guide to understanding open source licenses, including permissive and copyleft licenses, and how to apply them.| fossa.com
The CDDL — short for Common Development and Distribution License — is a weak copyleft open source software license initially published by Sun Microsystems.| fossa.com
An exploration of the Stockfish lawsuit against ChessBase, testing the GPL v3 license regarding derivative works and license termination.| fossa.com
An in-depth look at the Mozilla Public License 2.0, its requirements, comparisons with other licenses, and its use cases.| fossa.com
An overview of the GNU Lesser General Public License (LGPL), its requirements, permissions, and its current usage in the open source software development community.| fossa.com
Explore the differences between GPL v2 and GPL v3, understand the key features of GPL v3, and discover why it's a popular choice among developers and companies. Learn about its use cases, compatibility with Apache 2.0, and the future of GPL v3 in OSS projects.| fossa.com
An informative guide on the GNU General Public License Version 2.0, highlighting its terms, conditions, and how it contrasts with other open source licenses.| fossa.com
Explore the intricacies of the GNU Affero General Public License (AGPL), its history, requirements, and its impact on the open-source software community.| fossa.com
Explore how to effectively apply a license to your open source software project, addressing common challenges and scenarios.| fossa.com
Understanding software supply chain attacks and strategies to defend against them.| fossa.com
Learn about FOSSA's new SBOM policy feature that helps enforce SBOM standards for compliance and security.| fossa.com
Get the lowdown on the BSD 3-Clause open source software license, including key requirements and how it compares to other BSD license variants.| Dependency Heaven
Get an overview of the extremely popular MIT open source software license, including what it allows, prohibits, and requires of its users.| Dependency Heaven
See important factors to consider when choosing an open source license for your next project.| Dependency Heaven
As part of its new cybersecurity executive order, the U.S. Federal government released the minimum required elements for a software bill of materials.| Dependency Heaven
The more accurate and comprehensive an SBOM is, the more valuable it will be. See considerations and strategies for generating high-quality SBOMs in your organization.| Dependency Heaven
As enterprises shop for tools that deliver SCA at scale, let's examine what we should keep in mind when defining the right risk mitigation solution.| Dependency Heaven
Dependency confusion exploits rely on a quirk in certain package managers. See how these attacks can happen, and get guidance on preventing them.| Dependency Heaven
The U.S. Army has announced new SBOM requirements for contractors and subcontractors to improve software supply chain security. Learn about the implementation timeline, scope, and how to prepare.| fossa.com
An overview of the Cyber Resilience Act (CRA) and its implications for SBOM requirements, diving into its standards and comparisons to global initiatives.| fossa.com
Organizations are successfully generating SBOMs for security, regulatory compliance, and business reasons, but struggle with their distribution.| fossa.com
Learn about SPDX License Identifiers and License Expressions, and see how you can use them to communicate licensing information in an SBOM.| Dependency Heaven
Explore key areas of conducting technical due diligence, including auditing third-party software usage and evaluating protections on intellectual property.| Dependency Heaven
Customizability, ease of use, and support for CycloneDX and SPDX are among the most important features of a best-in-class SBOM tool.| Dependency Heaven
Explore key elements of the popular Apache 2.0 open source software license and how it compares to other permissive OSS licenses.| Dependency Heaven
Explore the history, use cases, and provisions of permissive software licenses. Plus, see how they compare to copyleft licenses.| Dependency Heaven
Get an overview of copyleft software licenses, including key provisions and how they compare to permissive licenses.| Dependency Heaven
Learn about VEX (Vulnerability Exploitability eXchange), which is used to communicate whether vulnerabilities impacting software products are actually exploitable.| Dependency Heaven
Introducing FOSSA's new SBOM Management add-on to simplify software inventory and compliance processes.| fossa.com
A new provision in PCI DSS 4.0 will require certain organizations to create and maintain SBOMs to help facilitate vulnerability management.| Dependency Heaven
Get an overview of the CISA KEV Catalog, including strategies for using the list in vulnerability prioritization and management initiatives.| Dependency Heaven
See important considerations and recommendations for requesting SBOMs (software bill of materials) from software suppliers.| Dependency Heaven
SPDX 3.0 introduces new profiles for better use case targeting and flexibility. Major upgrades include changes in document structure, profiles, relationships, and creator information.| fossa.com
Explore different SBOM formats like SPDX and CycloneDX, their specifications, and their implications for software transparency and cybersecurity.| fossa.com
Explore FOSSA's Issue Overview Dashboard to enhance your software's risk observability with insights into security, licensing, and quality issues.| fossa.com
Explore the FDA's new SBOM requirements for medical devices, detailing the scope, structure, and support information needed for compliance.| fossa.com
Explore how FOSSA’s Package Index enhances software supply chain visibility, enabling swift vulnerability detection and remediation.| fossa.com
A summary of the key insights from the ESF's latest recommendations on OSS and SBOM management.| fossa.com
Learn how FOSSA’s auto-ignore rules streamline license compliance and vulnerability remediation by minimizing redundant alerts.| fossa.com
Researchers from Ruhr University Bochum have uncovered Terrapin, a new SSH vulnerability (CVE-2023-48795) allowing man-in-the-middle attacks, affecting widely used SSH applications.| fossa.com
A detailed comparison of SCA and SAST security tools, highlighting their differences and combined use for enhanced security.| fossa.com
Explore the EPSS scoring system and how it helps prioritize vulnerability exploitability.| fossa.com
See the difference between direct dependencies and transitive dependencies, including example dependency graphs.| Dependency Heaven
Explore strategies for remediating vulnerabilities in third-party software components, including pros and cons for each.| Dependency Heaven
A new version of the CycloneDX bill of materials specification has been released. See what's new in CycloneDX v1.5.| Dependency Heaven