Tidelift’s Post

In 2022, the Biden-Harris Administration expanded its commitment to open-source software security by establishing the OS3I. Given that open-source software is a public good, ensuring open-source software’s resilience is a technical necessity and a strategic imperative for protecting and promoting U.S. interests. Read more about the Federal Government's OS3I 2023 initiatives using the link below to the White House's EOY Report. Want to know more about the security of your critical infrastructure? Message us!

Software supply chain threats don’t stop at open-source—they're increasingly targeting proprietary and commercial code as well. In this SC Media article, ReversingLabs’ Saša Zdjelar explains why companies must look beyond #SBOM to fully secure their commercial software and protect their business from hidden risks.

FOSSA Quality is another step in support of our mission to help companies embrace open source software and improve the integrity of their software supply chains. ⛓️ It adds an additional layer of visibility and control, helping you stay ahead of risks that could turn into vulnerabilities. Explore our blog post where we delve into the key aspects of package health and how FOSSA helps you deliver trusted software. 📈 Learn more: https://lnkd.in/ejq9PkJU #VulnerabilityManagement #OpenSource #OSS #SupplyChainSecurity

U.S. White House recommendations on #OpenSource Security Initiative. 1. Advance research & dev. 2. Secure package repositories 3. Partner with Open Source communities 4. Promote development and implementation of SBOM 5. Strengthen software supply chain 6. Establish U.S Gov. OSPO 7. Assign vulnerability metrics 8. Increase education & training tools 9. Expand international collaborations 10. Enhance security of legacy software 11. Advance public-private partnerships 12. Use formal methods https://lnkd.in/eHDGYTer

Help Net Security has highlighted Revenera's latest OSS Inspector plugin. Discover how this innovative plugin allows developers to assess the security vulnerabilities of open-source software components directly within their IDE >>> https://gag.gl/ZJpv9L #OSSInspector

Help Net Security has highlighted Revenera's latest OSS Inspector plugin. Discover how this new tool allows developers to assess the security vulnerabilities of open-source software components directly within their IDE >>> https://gag.gl/ZJpv9L #OSSInspector

Aqua Nautilus has your back. How are you mitigating your risk?

Good stuff from OpenSauced on maintainer burnout: https://lnkd.in/eu4fCWdV The emphasis on understanding what open source is in use through SBOMs and SCA has been critical, but it's not enough to just react to what you're finding. There are too many vulnerabilities to patch them all. There are too many end of life packages and releases being ignored that are potential next threats. As an industry, we need to be investing in the maintainers who built the foundation of all modern software. 🔐 Working with maintainers is key to scaling software security! And we need to be making more strategic choices on how to manage risk. As Vincent Danen highlighted at this year's Upstream conference, vulnerability management needs a revolution.

It's been an exciting month since we launched our upgraded FREE product! If you haven't explored it yet, now's the perfect time! For teams of up to 25 contributing developers and/or up to 5 projects, our free tier allows you to: 🔒 Detect and fix vulnerabilities 📝 Generate and share SBOMs 🤝🏻 Automate open source license license compliance Don’t miss out on these powerful tools designed to help you deliver trusted software. Read the full details in our blog and sign up today: https://lnkd.in/gbNQUzaC #SBOM #VulnerabilityManagement #LicenseCompliance #SoftwareSecurity

Are you tired of managing multiple AppSec tools? SAST here, SCA there, Container Image Scanning somewhere else... Simplify your application security! Launched today, Mend.io offers one platform, one price. It’s that simple.