Resources

IoT is driving enterprises toward a software-centric future and creating new monetization opportunities for intelligent device vendors. Download the report from Transforma Insights to learn more.

This analyst report from IDC presents the challenges companies face with SBOM adoption, operationalizing the SBOM, and advice for the technology buyer.

Join Revenera’s annual Software Composition Analysis event, where we are bringing more expert advice, more panelists than before, and a broader range of topics for practitioners, executive leaders, and professionals like yourself.

Join Dr. Chris Wood CISSP with Lockheed Martin and Alex Rybak, Senior Director of Product Management at Revenera as they cut through the SBOM noise and provide a no-nonsense guide to SBOMs

When we talk about security related to the software supply chain and third-party software management, it’s key that the tools you use provide detailed reports on the known and unknown vulnerabilities inside applications along with the level of exploitability of those vulnerable components. Absent that, all you have is a listing of SBOM parts without much to act on. Typically, you don’t want to co-mingle security information with an SBOM because it’s too dynamic—it’s always changing.

Register to attend Revenera’s annual Software Composition Analysis User Group event, where you will be able to engage with and hear from your peers, product experts and partners

Leading experts from Adobe, Bitsea, GTC & Revenera addresses the critical role legal plays in supporting a company’s management of open source and third-party components and more in this Revenera webinar

Leading experts from Adobe, Bitsea, GTC & Revenera discuss open source code audit trends, recent changes, and actions organizations should take now to secure their software supply chain in this Revenera webinar

What is GPL? The GNU General Public License, often known as copyleft or viral, grants permission to use or reuse or modify source code to make derivative works with a condition that if you distribute your program to others, it requires you to license the derivative work under the same license. There is a catch to this, i.e., by agreeing to the GPL license, (if you plan to redistribute) you must make the source code wholly available to users and allow further modifications and retribution of your product.  This makes it unpopular to authors who make money using proprietary software.…

Leading experts from Adobe, Bitsea, GTC & Revenera discuss how open source licenses are changing and what it means to you in this Revenera webinar

The past decade has been a whirlwind for the software supply chain. As the use of open source software (OSS) has become more pronounced, more businesses than ever before are using SBOM (Software Bill of Materials) solutions in order to better manage OSS and third-party components. An SBOM is a formal, queryable record containing the details and relationships of various components using in building software.

In a continuing effort to bolster and secure the nation’s software supply chain, the Biden administration issued the 2023 National Cybersecurity Strategy. This plan focus’ on enhancing the country’s defenses against emerging threats, such as ransomware and supply chain attacks. Listen to this podcast to better understand what's outlined in the report and what it may mean to you as a software provider. 

In a continuing effort to bolster and secure the nation’s software supply chain, yesterday the Biden administration issued the 2023 National Cybersecurity Strategy. This plan focus’ on enhancing the country’s defenses against emerging threats, such as ransomware and supply chain attacks. Background We highlighted the federal government’s focus on improving the U.S.’ digital defenses back in 2021 after high-profile cybersecurity events like the SolarWinds breach and the ransomware attack on the Colonial Pipeline.

Track all the components in your software, regardless of where in the supply chain they originated. Sign up here to speak with us about a 30 day free trial.

Get these four info-packed resources that will help you understand OSS compliance, SBOMs, and building your own Open Source Program Office.

Hear experts from the Linux Foundation, Fenwick, OSS Capital and more, discuss the importance of a software bill of materials and where organizations should spend their time and effort when it comes to SBOMs

Read this whitepaper to understand the motivations, strategies and best practices for success with an OSPO.

We talk a lot about SBOMs these days. The U.S. government’s Cybersecurity Executive Order along with other industry and U.K. mandates launched the discussion to the front of the line. And, while SBOMs do provide a consistent and clear insight into the software that you’re using, they’re far from the ultimate fix when managing software security. Once you’ve compiled a comprehensive SBOM, you need to then put that data to use by coupling it with other tools.

Open source software (OSS) is a wonderful resource that streamlines development and increases the reliability of your project. However, the price of using OSS is being able to manage it effectively. As your business is delivering software applications to market, it is your responsibility to ensure what you deliver does not come with security risks. Luckily, it’s never too late to prepare for better open source and third-party component management. Compliance is never perfect; there will always be more to do.

Watch the webinar to hear experts from OSS Consultants and Revenera, as they look back on predictions from 2022 and summarize what did or didn’t happen and run down a list of our top trends going into the new year.

Join us and get real-world guidance in this information-rich webinar as a panel of experts talk about where enterprise organizations and software providers should start their SBOM management journey

Join us and discover what prompted OpenChain to create and release the Security Assurance Reference Guide and learn more about best practices and a thorough approach to open source and third-party component management.

On September 14th, The White House published a memorandum addressing the state of the global software supply chain.

Over the last few years, containers have become popular for software distribution and deployment, representing the innovation that software deployment desperately needed in a space where runtime environments are so fragmented. However, like any other disruption, this comes with its own challenges regarding software provenance – who added what to a container at what stage.

In this podcast Revenera experts break down the details of the two high severity OpenSSL vulnerabilities. Understand your next steps and what you should be doing to identify and remediate these issues.

The OpenSSL project announced on October 25, 2022 that it was releasing OpenSSL version 3.0.7 which will patch newly discovered vulnerabilities in current versions of OpenSSL. Patches were released today.   OpenSSL is the core open source library that implements SSL and TLS protocols which makes it possible to securely communicate over the internet. Does all of this sound familiar? Remember “Heartbleed (CVE-2014-0160)?” Multiple attacks in 2014 exploited the ”Heartbleed” software flaw in OpenSSL, allowing attackers to spy on Internet communications, steal data, and impersonate services.

Adoption of Software Bills of Material (SBoMs) is critical to securing the software supply chain and improving cybersecurity throughout the open source ecosystem. Watch this webinar to learn how to use SBoMs to effectively manage all your open source, third-party and commercial software, regardless of its origin in all software deployment models including on-prem and SaaS

While there are currently thousands of institutions around the globe that train people in software development, only a fraction of those focus directly on code security. Surprisingly, even though there is an 80:1 ratio between software developers and security specialists, many still believe that the responsibility to find and eradicate vulnerabilities is only on security experts.

Watch Revenera and a panel of experts to discuss trends in open source, regulatory changes, the criticality of implementing a Software Bill of Materials and what organizations should be doing, along with what’s happening in the software supply chain.

Better manage your software supply chain with SBOM Insights from Revenera. SBOM Insights ingests data from a wide range of sources—both inside and outside your organization—and then unifies all SBOMs into a single actionable view.

Over the past few years, the software industry has increasingly relied on open-source software. It’s rare to find an application that solely uses proprietary components, with most enlisting a mix of third-party and open-source components. While this has led to a greater scope of what applications can do, as well…

The Software Bill of Materials (SBOM) enables software-producing organizations to provide transparency to customers and downstream supply chain partners by disclosing the composition of their applications. Producing complete, accurate SBOMs supports better management of licensing and security risk within applications.

Manage a complete Software Bill of Materials in a SaaS environment and ingest data from a wide range of sources, unifying internal and external SBOMs across your organization.

  The OpenChain Standard defines the key requirements that are needed when constructing a high-quality open-source program. This standard was designed and elaborated by the OpenChain Project and has been the go-to international standard for open-source license compliance since 2016. The central goal of the OpenChain Standard is to ensure…

Register to learn about the latest technology that helps you, effectively manage ALL your open-source, third-party, commercial software, regardless of where it originates from and much more in this Revenera webinar, where you’ll be able to see it in action

On the 12th of May 2021, The White House released an Executive Order (EO) that outlined the guidelines for improving the cybersecurity of the United States. After many high-profile cybersecurity breaches related to exploits within widely used open source software, the Federal Government moved to learn from past exploits and…

  Early in December of 2021, the international cybersecurity community mobilized in response to the discovery of the Log4J vulnerability. This critical vulnerability was within the logging library of Apache, a core component used across millions of Java-based applications. The vulnerability, known as Log4Shell, rated a 10/10 on the CVSS…

Join Forester’s Senior Analyst, Janet Worthington and Revenera’s Senior Director of Product Management, Alex Rybak, as they provide clarity on the role of the (SBOM) and steps for improved software supply chain integrity.

Hear why Open Source Program Office’s (OSPO) are important from industry leading experts and learn, not only how to get started, but which stakeholders should play critical roles in your OSPO in this Revenera and DevOps webinar.

In The News Software Composition Analysis Certification for Legal Professionals Log4j: Come out, come out wherever you are! Spring4Shell: Deep breath. Don’t panic. Mitigate. Field Notes: Understanding GPL Linking Exceptions The Legal Side of of Compliance and Security in M&A and Software Auditing (Panel Discussion) Trends 2021 – 2022 Audit…

When open source components are used, that code is authored by someone who licenses the use of the code to others. Licenses vary and so do the legal obligations of the user. Listen to this podcast to learn about attribution obligations.

IDC analysts explain why having a plan for protecting the software supply chain that includes a robust SCA solution, SBOM creation, and an open source license compliance and security policy is essential.

Not all open source licenses are the same. Users must adhere to individual license requirements,
like preserving copyrights and license text, and providing attribution. Learn more about some of the popular licenses and get a helpful license compliance checklist.

Join legal experts in this Revenera panel discussion to learn more about what’s happening in the software supply chain and setting legal best practices for helping your clients and organizations through the complexity of open source use.

Those involved in the world of software development are used to continuous change, high expectations, and industry interruptions that require constant pivoting, but the last couple of years have challenged the most stalwart of professionals. There was the pandemic beginning in 2020 that may have long-lasting impact. In 2021, we…

Licenses vary and so do the legal obligations of the user. Attribution for the author is one of those necessary obligations. Code Insight from Revenera automatically satisfies this requirement by generating complete third-party notices with just the push of a button.

The Spring4Shell vulnerability can be exploited when an attacker sends a specially crafted query to a web server running the Spring Core framework. Listen to this podcast to learn what it is and steps to take.

Development and security teams, software creators, and companies alike were hit once again with another vulnerability when news made its way online of a disclosure of a PoC for an unauthenticated zero-day vulnerability in Spring Core. The disclosure of CVE-2022-22965—nicknamed Spring4Shell—is an RCE vulnerability in one of the most popular…