FOSSA is the world’s first Modern Open Source Management platform, designed for development and legal teams to effortlessly comply with open source licenses.

11/22/2022

How do you get Engineering buy-in on OSS license compliance? You conduct compliance in the way that is most efficient.

Here are a few tips:
1. Compliance tooling is only as effective as the engineers who use it.
2. Use a broad coverage of popular programming languages.
3. Use tools that integrate with Engineering’s preferred workflows and development environments.

Learn more here:

Given the large volume of open source software in modern applications, it can be quite difficult to manage OSS license compliance obligations with manual processes alone. But picking the right compliance tool — and then realizing value from it on an ongoing basis — can be easier said than done, ...

11/17/2022

Join us on December 1st to learn how to operationalize an !

It requires buy-in from the right stakeholders, building the right SBOM-related workflows, and using the right tools — and this can be easier said than done.

FOSSA's Head of Product Kenaz Kwa will discuss best practices for generating SBOMs that can be used throughout the SDLC:

For all of the attention paid to SBOMs (software bill of materials) in recent years, there’s been little conversation about a mission-critical supply chain security use case: integrating SBOMs throughout the software development lifecycle. Instead, SBOMs are generated as a check-box item, placed i...

11/16/2022

"Shifting left" refers to the idea that it’s best to identify and fix issues as early as possible in the SDLC.

In the context of open source license compliance and vulnerability management, teams should seek to conduct license compliance and vulnerability analysis integrated directly into existing engineering workflows and as a key component of the CI/CD pipeline.

The security team at UiPath shares, “We’ve seen that it’s a better experience at the CI/CD pipeline level than doing it as a git integration (the code level)."

Learn more on how leveraging FOSSA's CLI helped them reduce open source risk: http://ow.ly/sZF550LGqo3

Experts from UiPath share best practices to help teams collaborate to reduce risk in their use of open source software.

11/15/2022

Companies like Slack generate Software Bills of Materials ( ) with FOSSA in just minutes.

Learn how to upload your own project in FOSSA's platform integration and how to create a compliance report in accordance with the Cybersecurity Executive Order.

11/14/2022

software is hugely changing IP risk in the software supply chain.

With the U.S. Supreme Court poised to consider what one lawyer calls the “copyright war of the century” and disputes related to continuing to arise, the space appears to pose increasing legal and reputational risks for businesses.

In partnership with Above the Law, we created a whitepaper for companies to navigate and understand this new landscape:

1. How open-source software became so widespread
2. Why IP risks proliferate in the software supply chain
3. The perils of litigating open source issues

Read more: https://bit.ly/3g2d5Ke

11/10/2022

Why are SBOMs top of mind for in-house counsel at tech companies?

“Number one: security concerns. provide the roadmap in what’s inside your technology. It helps address issues, including compliance, if software offerings are compliant, and for sales.

Customers are wanting more of these—the Biden Executive Order makes it clear that the government is focusing and moving more in that direction,” shares Ryan Cobb, Director of IP at Okta.

Learn more here: https://bit.ly/3ElTrSP

11/09/2022

Shane Coughlan, GM of OpenChain Project, explains how software composition analysis (SCA) tools like FOSSA support compliance with OpenChain ISO/IEC 5230:2020, the international standard for open source license compliance: https://bit.ly/3fEQRxX

11/08/2022

3 Tips on Container License Compliance

1. Consider bringing any licensing policies you’ve applied to other areas of your organization to the container environment
2. Build a pre-approved, private registry of base images that are all covered by your organization's policies
3. Use a tool like FOSSA that offers container image license scanning and management

Learn more:

The container ecosystem is fueled by open source components, which means container users must be mindful of license compliance obligations.

11/08/2022

Evan LeBon, VP and Head of Legal of , shared how in-house counsel can ensure compliance processes keep pace with development.

Learn how the shift from a handful of releases each year to the modern world of dynamic build pipelines, automation, and CI/CD has forced legal teams to address various new challenges. Watch the recording:

As a technology-focused attorney with several leading software companies, Evan LeBon has had a front-row seat to the evolution of software development — and the profound impact it’s had on in-house counsel. The shift from a handful of releases each year to the modern world of dynamic build pipel...

11/07/2022

Is open source ESG?

"When it comes to open source, a company today is either part of the solution or part of the problem. These days, almost all companies use software, and most develop it as well.

Companies that have moved beyond the initial stage of using open source software, and matured to the point of releasing it—or even basing their businesses on it—have better reputations in technical communities," says Heather Meeker (Tech Law Partners LLP).

Read more here: http://ow.ly/y3Kj50LwPji

Leading IP attorney and open source software license compliance expert Heather Meeker explores the connection between ESG investing and OSS.

06/01/2022

We're excited to announce our partnership with Itransition! Their expertise in digital solutions combined with FOSSA’s technology will allow organizations to identify, control, and remediate risk across their open source software supply chains. Read more here: https://bit.ly/3M9WgHj

02/15/2022

Here's what happened during last week's U.S. Senate hearing on the Log4J vulnerability:

The U.S. Senate's hearing on Log4Shell brought to light new information on the Log4J vulnerability and industry's response to it.

Address

San Francisco, CA
94104

Opening Hours

Monday 9am - 5pm
Tuesday 9am - 5pm
Wednesday 9am - 5pm
Thursday 9am - 5pm
Friday 9am - 5pm
