FOSSA

💡 Last Chance Webinar Registration: Get Ready for the EU’s Cyber Resilience Act (CRA): How to Manage SBOM Requirements Don't miss out on the opportunity to register for our webinar TODAY at 3:00 pm BST / 10:00 am EDT with CRA expert Olle E Johansson, who will help make sense of the CRA’s scope, timeline, and requirements. Olle will discuss: 1️⃣ How to use SBOMs to enable compliance with the CRA’s vulnerability identification and reporting requirements 2️⃣ Tools needed to comply with the CRA’s SBOM requirements 3️⃣ What organizations should do now to stay on track to meet the short timeline for compliance 4️⃣ And more! Register and join us today! 🌟 https://lnkd.in/eKFQav-C #SBOM #CyberSecurity #CRA

🚀 Big News: FOSSA Launches Brand New Free Experience 🚀 We want to make it easy for teams to start securing their software and evaluate new security tools without requiring a sales conversation or a POC before they're ready. We are thrilled to announce our new FREE capabilities for up to 25 contributing developers and 5 projects. Free users can now: ✅ Detect and fix vulnerabilities ✅ Generate and share SBOMs ✅ Automate license compliance Check out the full announcement, or sign up free today! 🔗 https://lnkd.in/gbNQUzaC #SBOM #LicenseCompliance #VulnerabilityMangement #OSS

We're so excited to announce that FOSSA is sponsoring Security BSides Las Vegas! 🎉 📍 Las Vegas, NV 🗓️ August 6 & 7, 2024 Be sure to stop by our booth to learn more about our SBOM management, vulnerability prioritization, and all things software supply chain security. See you there! 👋🏻 #Security #CyberSecurity #OpenSource #SBOM #BSidesLV

Do you know about FOSSA's auto-ignore rules? Auto-ignore rules were designed to significantly streamline license compliance and vulnerability remediation. By creating a rule just once, you can apply it across other projects or future versions of a given package. This feature isn't just about reducing the number of alerts; it's about creating an intelligent system that remembers your decisions and applies them across your projects and future package versions. Swipe to learn the 4️⃣ ways FOSSA's auto-ignore rules reduce re-work and save time. 🙌🏻 ⏳ #LicenceCompliance #OpenSource #OSS #Cybersecurity

🔍 Understanding the Polyfill Supply Chain Attack: Vulnerability, Details, and Fixes Supply chain attacks have been increasingly common in recent years, and the recent Polyfill vulnerability is a prime example. Our latest blog dives deep into the specifics of Polyfill, shedding light on how it works, its potential impact, and the essential fixes. 🔗 Read the blog: https://lnkd.in/eqUHa58n #VulnerabilityManagement #CVE #SupplyChainSecurity #SoftwareSecurity #CyberSecurity

💡 Don't Forget! 💡 We're hosting a webinar with Olle E Johansson, a Cyber Resilience Act (CRA) expert with extensive experience in embedded systems and open source security, to discuss how and where SBOMs play a part in CRA requirements. 🗓️ July 16, 2024 ⏰ 10:00 am EDT / 2:00 pm GMT Register now to learn more about: 🛠️ Tools needed to comply with the CRA’s SBOM requirements ✅ What organizations should do now to stay on track to meet the short timeline for compliance 📄 How to use SBOMs to enable compliance with the CRA’s vulnerability identification and reporting requirements ⭐️ and more! Sign up today: https://lnkd.in/eKFQav-C #SBOM #VulnerabilityMangement #Cybersecurity #CRA

One of our talented engineers has just shared an insightful blog on reinforcing indirect joins! Discover the depth of knowledge and expertise that drives our product every day. 💡 If you're passionate about working with brilliant minds and contributing to cutting-edge projects, we have exciting opportunities for you. Check out our open positions and join us in shaping the future of software supply chain security! Read the blog: https://lnkd.in/eNjTwX9F 💼 See our open positions: https://lnkd.in/gmMMJiz8 #Hiring #SoftwareDevelopment #EngineeringJobs #AppSec #DevOps #OpenSource

SPDX has roots in open source license compliance management, but it's evolved now to support a far broader range of use cases. These include software supply chain security and software build profiles, to name a few. ✨ What’s Inside Our Guide? 1️⃣ History of SPDX 2️⃣ SPDX Document Structure 3️⃣ SPDX Use Cases 4️⃣ Generating SPDX SBOMs Check out the full guide: https://lnkd.in/emhUjBJT #SBOM #SPDX #LicenceCompliance #VulnerabilityMangement #OpenSource #OSS

Understanding Security Tools: SCA vs. SAST 🔐 Today, we're diving into the differences between Software Composition Analysis (SCA) and Static Application Security Testing (SAST). 🛠 SCA helps you identify and remediate open source risks, ensuring your codebase is free from known vulnerabilities. Perfect for identifying and addressing risks in third-party components! 🔒 SAST, on the other hand, analyzes your source code for security vulnerabilities, helping you catch potential flaws early in the development process. Ideal for finding and fixing issues within your own code! 👉 Swipe through our carousel to learn more about how each tool works and when to use them! #SCA #SAST #Security #SoftwareSecurity

📖 New Blog Post: What You Need to Know About the CISA KEV Catalog Get a comprehensive overview of the CISA Known Exploited Vulnerabilities (KEV) Catalog and how to use it in application security initiatives. Our latest blog dives deep into how this essential resource helps prioritize and manage vulnerabilities. 👾 ✅ Key insights you'll gain: 🔻 How CISA decides whether to include new vulnerabilities on the KEV List 🔻 An explanation of how new vulnerabilities are added to the Catalog 🔻 Guidance on using KEV alongside other vulnerability prioritization inputs Read the full blog: https://lnkd.in/ej_tKtBg #VulnerabilityMangement #KEV #OpenSource #OSS