Resources

White Papers & Industry Reports

Analyst Report: Driving Recurring Revenue with Software

IoT is driving enterprises toward a software-centric future and creating new monetization opportunities for intelligent device vendors. Download the report from Transforma Insights to learn more.

White Papers & Industry Reports

Analyst Report: Operationalizing SBOMs to Secure Your Software Supply Chain

This analyst report from IDC presents the challenges companies face with SBOM adoption and with operationalizing the SBOM, and offers advice for the technology buyer.

Webinars & Events

The Open Source Exchange 2023

Wednesday, June 7, 2023

Join Revenera’s annual Software Composition Analysis event, where we are bringing more expert advice, more panelists than before, and a broader range of topics for practitioners, executive leaders, and professionals like yourself.

Webinars & Events

Breaking Through The SBOM Noise: A No-Nonsense Guide

Wednesday, June 28, 2023

Join Dr. Chris Wood, CISSP, of Lockheed Martin and Alex Rybak, Senior Director of Product Management at Revenera, as they cut through the SBOM noise and provide a no-nonsense guide to SBOMs.

Blog

Level Up Your Security Game with VDR and VEX Reports

When we talk about security related to the software supply chain and third-party software management, it’s key that the tools you use provide detailed reports on the known and unknown vulnerabilities inside applications, along with the level of exploitability of those vulnerable components. Absent that, all you have is a listing of SBOM parts without much to act on. Typically, you don’t want to commingle security information with an SBOM because it’s too dynamic—it’s always changing.

Webinars & Events

User Group 2023 - Software Composition Analysis

Thursday, Sept 14, 2023

Register to attend Revenera’s annual Software Composition Analysis User Group event, where you will be able to engage with and hear from your peers, product experts and partners.

Webinars & Events

Legal Due Diligence and M&A in Today’s Open Source Environment

Leading experts from Adobe, Bitsea, GTC & Revenera address the critical role legal plays in supporting a company’s management of open source and third-party components, and more, in this Revenera webinar.

Webinars & Events

The Role of Open Source and Third-Party Audits

Leading experts from Adobe, Bitsea, GTC & Revenera discuss open source code audit trends, recent changes, and actions organizations should take now to secure their software supply chain in this Revenera webinar.

Blog

Understanding the SaaS Loophole in GPL

What is GPL? The GNU General Public License, often described as copyleft or viral, grants permission to use, reuse, or modify source code to make derivative works, on the condition that if you distribute your program to others, you must license the derivative work under the same license. There is a catch: by agreeing to the GPL license (if you plan to redistribute), you must make the source code wholly available to users and allow further modification and redistribution of your product. This makes it unpopular with authors who make money from proprietary software.…

Webinars & Events

The Evolution of Open Source Licenses

Leading experts from Adobe, Bitsea, GTC & Revenera discuss how open source licenses are changing and what it means to you in this Revenera webinar.

Blog

Life Support for SBOMs in Key Industries

The past decade has been a whirlwind for the software supply chain. As the use of open source software (OSS) has become more pronounced, more businesses than ever before are using SBOM (Software Bill of Materials) solutions in order to better manage OSS and third-party components. An SBOM is a formal, queryable record containing the details and relationships of the various components used in building software.

Video

A Break Down of the National Cybersecurity Strategy

In a continuing effort to bolster and secure the nation’s software supply chain, the Biden administration issued the 2023 National Cybersecurity Strategy. This plan focuses on enhancing the country’s defenses against emerging threats, such as ransomware and supply chain attacks. Listen to this podcast to better understand what's outlined in the report and what it may mean to you as a software provider.

Blog

New U.S. National Cybersecurity Strategy: Effect on Companies Building Software

In a continuing effort to bolster and secure the nation’s software supply chain, yesterday the Biden administration issued the 2023 National Cybersecurity Strategy. This plan focuses on enhancing the country’s defenses against emerging threats, such as ransomware and supply chain attacks. Background: We highlighted the federal government’s focus on improving the U.S.’ digital defenses back in 2021 after high-profile cybersecurity events like the SolarWinds breach and the ransomware attack on the Colonial Pipeline.

Demo & Trials

SBOM Insights

Track all the components in your software, regardless of where in the supply chain they originated. Sign up here to speak with us about a 30-day free trial.

White Papers & Industry Reports

Intro to SBOMs & OSS Compliance Bundle

Get these four info-packed resources that will help you understand OSS compliance, SBOMs, and building your own Open Source Program Office.

Webinars & Events

Evolving Role of the Software Bill of Materials: A panel discussion

Hear experts from the Linux Foundation, Fenwick, OSS Capital and more discuss the importance of a software bill of materials and where organizations should spend their time and effort when it comes to SBOMs.

White Papers & Industry Reports

The Open Source Program Office

Read this whitepaper to understand the motivations, strategies and best practices for success with an OSPO.

Blog

Make Your SBOM Part of a Structured Solution

We talk a lot about SBOMs these days. The U.S. government’s Cybersecurity Executive Order along with other industry and U.K. mandates launched the discussion to the front of the line. And, while SBOMs do provide a consistent and clear insight into the software that you’re using, they’re far from the ultimate fix when managing software security. Once you’ve compiled a comprehensive SBOM, you need to then put that data to use by coupling it with other tools.

Blog

Time to Prep for Better Open Source & Third-Party Software Management

Open source software (OSS) is a wonderful resource that streamlines development and increases the reliability of your project. However, the price of using OSS is being able to manage it effectively. As your business is delivering software applications to market, it is your responsibility to ensure what you deliver does not come with security risks. Luckily, it’s never too late to prepare for better open source and third-party component management. Compliance is never perfect; there will always be more to do.

Webinars & Events

Software Supply Chain Management Trends and Predictions

Watch the webinar to hear experts from OSS Consultants and Revenera, as they look back on predictions from 2022 and summarize what did or didn’t happen and run down a list of our top trends going into the new year.

Webinars & Events

SBOMs & Open Source License Compliance

Join us and get real-world guidance in this information-rich webinar as a panel of experts talks about where enterprise organizations and software providers should start their SBOM management journey.

Webinars & Events

Real World OSS Governance with Open Chain Best Practices

Join us and discover what prompted OpenChain to create and release the Security Assurance Reference Guide and learn more about best practices and a thorough approach to open source and third-party component management.

Blog

Cybersecurity Executive Order Update

On September 14th, The White House published a memorandum addressing the state of the global software supply chain.

Blog

Use of containers in modern application development

Over the last few years, containers have become popular for software distribution and deployment, representing the innovation that software deployment desperately needed in a space where runtime environments are so fragmented. However, like any other disruption, this comes with its own challenges regarding software provenance – who added what to a container at what stage.

Video

All About the OpenSSL Vulnerabilities

In this podcast Revenera experts break down the details of the two high severity OpenSSL vulnerabilities. Understand your next steps and what you should be doing to identify and remediate these issues.

Blog

New OpenSSL Vulnerability: Act Now

The OpenSSL project announced on October 25, 2022 that it was releasing OpenSSL version 3.0.7, which would patch newly discovered vulnerabilities in current versions of OpenSSL. Patches were released today. OpenSSL is the core open source library that implements the SSL and TLS protocols, which make it possible to communicate securely over the internet. Does all of this sound familiar? Remember Heartbleed (CVE-2014-0160)? Multiple attacks in 2014 exploited the Heartbleed software flaw in OpenSSL, allowing attackers to spy on Internet communications, steal data, and impersonate services.

Webinars & Events

Manage Software Ingredients for Complete Transparency

Adoption of Software Bills of Materials (SBOMs) is critical to securing the software supply chain and improving cybersecurity throughout the open source ecosystem. Watch this webinar to learn how to use SBOMs to effectively manage all your open source, third-party and commercial software, regardless of its origin, in all software deployment models, including on-prem and SaaS.

Blog

The Need for Ongoing Software Developer Training

While there are currently thousands of institutions around the globe that train people in software development, only a fraction of those focus directly on code security. Surprisingly, even though there is an 80:1 ratio between software developers and security specialists, many still believe that the responsibility to find and eradicate vulnerabilities is only on security experts.

Webinars & Events

Open Source Exchange – November 2022

Watch Revenera and a panel of experts discuss trends in open source, regulatory changes, the criticality of implementing a Software Bill of Materials and what organizations should be doing, along with what’s happening in the software supply chain.

Video

Manage Your Software Supply Chain

Better manage your software supply chain with SBOM Insights from Revenera. SBOM Insights ingests data from a wide range of sources—both inside and outside your organization—and then unifies all SBOMs into a single actionable view.

Blog

SBOMs: It’s All About Transparency into the Complexity of Your Software

Over the past few years, the software industry has increasingly relied on open-source software. It’s rare to find an application that solely uses proprietary components, with most enlisting a mix of third-party and open-source components. While this has led to a greater scope of what applications can do, as well…

White Papers & Industry Reports

Business Drivers of SBOM Adoption

The Software Bill of Materials (SBOM) enables software-producing organizations to provide transparency to customers and downstream supply chain partners by disclosing the composition of their applications. Producing complete, accurate SBOMs supports better management of licensing and security risk within applications.

Data Sheets

SBOM Insights for Intelligent SBOM Management

Data Sheet

Manage a complete Software Bill of Materials in a SaaS environment and ingest data from a wide range of sources, unifying internal and external SBOMs across your organization.

Blog

The Role of OpenChain Conformance

The OpenChain Standard defines the key requirements that are needed when constructing a high-quality open-source program. This standard was designed and elaborated by the OpenChain Project and has been the go-to international standard for open-source license compliance since 2016. The central goal of the OpenChain Standard is to ensure…

Webinars & Events

A New, More Effective Way to Create and Manage SBOMs

Register to learn about the latest technology that helps you effectively manage ALL your open-source, third-party and commercial software, regardless of where it originates, and much more in this Revenera webinar, where you’ll be able to see it in action.

Blog

Everything Your Business Needs to Know About SBOMs

On the 12th of May 2021, The White House released an Executive Order (EO) that outlined the guidelines for improving the cybersecurity of the United States. After many high-profile cybersecurity breaches related to exploits within widely used open source software, the Federal Government moved to learn from past exploits and…

Blog

How the U.S. Executive Order Is Shaping the Software Supply Chain Going Forward

Early in December of 2021, the international cybersecurity community mobilized in response to the discovery of the Log4j vulnerability. This critical vulnerability was in Apache’s logging library, a core component used across millions of Java-based applications. The vulnerability, known as Log4Shell, rated a 10/10 on the CVSS…

Webinars & Events

Reduce Software Supply Chain Uncertainty

Join Forrester’s Senior Analyst, Janet Worthington, and Revenera’s Senior Director of Product Management, Alex Rybak, as they provide clarity on the role of the software bill of materials (SBOM) and steps for improved software supply chain integrity.

Webinars & Events

Building a Successful Open Source Program Office

Hear why Open Source Program Offices (OSPOs) are important from industry-leading experts and learn not only how to get started, but which stakeholders should play critical roles in your OSPO, in this Revenera and DevOps webinar.

Blog

June Newsletter: The Latest Buzz in Software Composition Analysis Professional Services

In the News
Software Composition Analysis Certification for Legal Professionals
Log4j: Come out, come out wherever you are!
Spring4Shell: Deep breath. Don’t panic. Mitigate.
Field Notes: Understanding GPL Linking Exceptions
The Legal Side of Compliance and Security in M&A and Software Auditing (Panel Discussion)
Trends 2021 – 2022 Audit…

Video

Legal Attribution for OSS Authors

When open source components are used, that code is authored by someone who licenses the use of the code to others. Licenses vary and so do the legal obligations of the user. Listen to this podcast to learn about attribution obligations.

White Papers & Industry Reports

IDC Analyst Brief: The Open Source Blind Spot Putting Businesses at Risk

IDC analysts explain why having a plan for protecting the software supply chain that includes a robust SCA solution, SBOM creation, and an open source license compliance and security policy is essential.

Data Sheets

User's Guide to Open Source Licenses

Not all open source licenses are the same. Users must adhere to individual license requirements, like preserving copyrights and license text, and providing attribution. Learn more about some of the popular licenses and get a helpful license compliance checklist.

Webinars & Events

Open Source Exchange: The Legal Side of Compliance and Security in M&A and Software Auditing

Join legal experts in this Revenera panel discussion to learn more about what’s happening in the software supply chain and setting legal best practices for helping your clients and organizations through the complexity of open source use.

Blog

What’s Trending with SBOMs, Developers, and Code Scanning

Those involved in the world of software development are used to continuous change, high expectations, and industry interruptions that require constant pivoting, but the last couple of years have challenged the most stalwart of professionals. There was the pandemic beginning in 2020 that may have long-lasting impact. In 2021, we…

Data Sheets

Automate Third-Party Attribution for Open Source Licenses

Licenses vary and so do the legal obligations of the user. Attribution for the author is one of those necessary obligations. Code Insight from Revenera automatically satisfies this requirement by generating complete third-party notices with just the push of a button.

Video

Understanding the Exploitability of Spring4Shell

The Spring4Shell vulnerability can be exploited when an attacker sends a specially crafted query to a web server running the Spring Core framework. Listen to this podcast to learn what it is and steps to take.

Blog

Spring4Shell: Deep breath. Don’t panic. Mitigate.

Development and security teams, software creators, and companies alike were hit once again with another vulnerability when news made its way online of a disclosure of a PoC for an unauthenticated zero-day vulnerability in Spring Core. The disclosure of CVE-2022-22965—nicknamed Spring4Shell—is an RCE vulnerability in one of the most popular…