Resources

Webinars & Events

Legal Due Diligence and M&A in Today’s Open Source Environment

Friday, April 14, 2023

Leading experts from Adobe, Bitsea, GTC & Revenera address the critical role legal teams play in supporting a company's management of open source and third-party components, and more, in this Revenera webinar.

Webinars & Events

The Role of Open Source and Third-Party Audits

Friday, April 28, 2023

Leading experts from Adobe, Bitsea, GTC & Revenera discuss open source code audit trends, recent changes, and actions organizations should take now to secure their software supply chain in this Revenera webinar

Webinars & Events

The Evolution of Open Source Licenses

Friday, May 12, 2023

Leading experts from Adobe, Bitsea, GTC & Revenera discuss how open source licenses are changing and what it means to you in this Revenera webinar

Webinars & Events

The Open Source Exchange 2023

Wednesday, June 7, 2023

Join Revenera’s annual Software Composition Analysis event, where we are bringing more expert advice, more panelists than before, and a broader range of topics for practitioners, executive leaders, and professionals like yourself.

Video

A Break Down of the National Cybersecurity Strategy

In a continuing effort to bolster and secure the nation's software supply chain, the Biden administration issued the 2023 National Cybersecurity Strategy. The plan focuses on strengthening the country's defenses against emerging threats such as ransomware and supply chain attacks. Listen to this podcast to better understand what the strategy outlines and what it may mean to you as a software provider.

Demo & Trials

SBOM Insights

Track all the components in your software, regardless of where in the supply chain they originated. Sign up here to speak with us about a 30 day free trial.

White Papers & Industry Reports

Intro to SBOMs & OSS Compliance Bundle

Get these four info-packed resources that will help you understand OSS compliance, SBOMs, and building your own Open Source Program Office.

Webinars & Events

Evolving Role of the Software Bill of Materials: A panel discussion

Hear experts from the Linux Foundation, Fenwick, OSS Capital and more, discuss the importance of a software bill of materials and where organizations should spend their time and effort when it comes to SBOMs

White Papers & Industry Reports

The Open Source Program Office

Read this whitepaper to understand the motivations, strategies and best practices for success with an OSPO.

Blog

Make Your SBOM Part of a Structured Solution

We talk a lot about SBOMs these days. The U.S. government's Cybersecurity Executive Order, along with other industry and U.K. mandates, pushed the discussion to the front of the line. And while SBOMs do provide consistent, clear insight into the software you're using, they're far from the ultimate fix for managing software security. Once you've compiled a comprehensive SBOM, you need to put that data to use by coupling it with other tools.
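The step the blurb describes, putting SBOM data to use, in working code. This is an added example written for this page, not code from the blog post or from any Revenera product: it reads a constructed CycloneDX-style SBOM, matches each component's package URL against a small hard-coded table of affected version ranges (Log4Shell and the OpenSSL 3.0.7 fixes, with ranges taken from the public advisories rather than from this page), and reports the hits. The SBOM contents, the helper names and the inline advisory table are assumptions for illustration; in practice the ranges come from a vulnerability feed such as OSV or the NVD.

```python
"""Match the components in a CycloneDX-style SBOM against known affected-
version ranges.  Added example for this page; not Revenera or CycloneDX code,
and the SBOM below is constructed, not taken from a real product."""
import json
import re

# Constructed CycloneDX 1.4-style SBOM fragment (hypothetical contents).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"name": "log4j-core", "version": "2.14.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
        {"name": "log4j-core", "version": "2.17.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1"},
        {"name": "openssl", "version": "3.0.5",
         "purl": "pkg:generic/openssl@3.0.5"},
        {"name": "openssl", "version": "1.1.1q",
         "purl": "pkg:generic/openssl@1.1.1q"},
    ],
})

# Affected ranges in the OSV convention [introduced, fixed).  Log4Shell
# (CVE-2021-44228) affected log4j-core 2.0-beta9 through 2.14.1, first fixed
# in 2.15.0; the OpenSSL 3.0.7 release fixed CVE-2022-3602 and CVE-2022-3786
# in 3.0.0 through 3.0.6.  Real tooling pulls these from a vulnerability feed.
ADVISORIES = [
    {"id": "CVE-2021-44228 (Log4Shell)",
     "purl": "pkg:maven/org.apache.logging.log4j/log4j-core",
     "introduced": "2.0-beta9", "fixed": "2.15.0"},
    {"id": "CVE-2022-3602 / CVE-2022-3786 (fixed in OpenSSL 3.0.7)",
     "purl": "pkg:generic/openssl",
     "introduced": "3.0.0", "fixed": "3.0.7"},
]


def parse_version(text):
    """Ecosystem-agnostic sort key: numeric tokens compare as integers and
    alphabetic tokens sort before any number, so 2.0-beta9 < 2.0.0 and
    1.1.1q > 1.1.1.  Sufficient for the ranges above; production code should
    use the ecosystem's own rules (Maven, npm and RPM/deb ordering differ)."""
    tokens = re.findall(r"\d+|[A-Za-z]+", text)
    return tuple((1, int(t)) if t.isdigit() else (0, t) for t in tokens)


def split_purl(purl):
    """Return (purl without version, version); qualifiers and subpath dropped."""
    core = purl.split("?", 1)[0].split("#", 1)[0]
    base, sep, version = core.rpartition("@")
    return (base, version) if sep else ("", "")


def find_affected(sbom_json, advisories=ADVISORIES):
    """Return one finding per (component, advisory) whose version falls in
    an affected range.  Matching is on the version-less purl, so the same
    library name from two ecosystems is not silently merged."""
    sbom = json.loads(sbom_json)
    findings = []
    for comp in sbom.get("components", []):
        base, version = split_purl(comp.get("purl", ""))
        if not base:
            continue  # no purl: cannot match reliably; real tooling should flag it
        key = parse_version(version)
        for adv in advisories:
            if adv["purl"] != base:
                continue
            if parse_version(adv["introduced"]) <= key < parse_version(adv["fixed"]):
                findings.append({"component": comp.get("name", base),
                                 "version": version, "advisory": adv["id"]})
    return findings


if __name__ == "__main__":
    for f in find_affected(SAMPLE_SBOM):
        print(f"{f['component']}@{f['version']}: {f['advisory']}")
```

Run against the constructed SBOM, this flags log4j-core 2.14.1 and openssl 3.0.5 and leaves the patched 2.17.1 and the unaffected 1.1.1q alone. Two design points matter in practice: ranges are half-open (a "fixed" version is not itself affected), and version comparison is ecosystem-specific, so a scanner that reuses one comparator for Maven, npm and distro packages will produce both false positives and misses.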

Blog

Time to Prep for Better Open Source & Third-Party Software Management

Open source software (OSS) is a wonderful resource that streamlines development and increases the reliability of your project. However, the price of using OSS is having to manage it effectively. As your business delivers software applications to market, it is your responsibility to ensure that what you deliver does not come with security risks. Luckily, it's never too late to prepare for better open source and third-party component management. Compliance is never perfect; there will always be more to do.

Webinars & Events

Software Supply Chain Management Trends and Predictions

Watch the webinar to hear experts from OSS Consultants and Revenera, as they look back on predictions from 2022 and summarize what did or didn’t happen and run down a list of our top trends going into the new year.

Webinars & Events

Trends in Open Source & Third-Party Software Management

Join us to hear an expert panel give their perspective on the trends enterprise and software companies should consider in their open source and software supply chain strategies.

Webinars & Events

SBOMs & Open Source License Compliance

Join us and get real-world guidance in this information-rich webinar as a panel of experts talk about where enterprise organizations and software providers should start their SBOM management journey

Webinars & Events

Real World OSS Governance with Open Chain Best Practices

Join us and discover what prompted OpenChain to create and release the Security Assurance Reference Guide and learn more about best practices and a thorough approach to open source and third-party component management.

Blog

Cybersecurity Executive Order Update

On September 14th, the White House published a memorandum addressing the state of the global software supply chain.

Blog

Use of containers in modern application development

Over the last few years, containers have become popular for software distribution and deployment, representing the innovation that software deployment desperately needed in a space where runtime environments are so fragmented. However, like any other disruption, this comes with its own challenges regarding software provenance – who added what to a container at what stage.

Video

All About the OpenSSL Vulnerabilities

In this podcast Revenera experts break down the details of the two high severity OpenSSL vulnerabilities. Understand your next steps and what you should be doing to identify and remediate these issues.

Blog

New OpenSSL Vulnerability: Act Now

The OpenSSL project announced on October 25, 2022 that it would release OpenSSL version 3.0.7 to patch newly discovered vulnerabilities in the 3.0 series (the 1.1.1 series was not affected). Patches were released on November 1, 2022. OpenSSL is the core open source library that implements the SSL and TLS protocols, which make it possible to communicate securely over the internet. Does all of this sound familiar? Remember Heartbleed (CVE-2014-0160)? Multiple attacks in 2014 exploited the Heartbleed flaw in OpenSSL, allowing attackers to spy on internet communications, steal data, and impersonate services.

Webinars & Events

Manage Software Ingredients for Complete Transparency

Adoption of Software Bills of Materials (SBOMs) is critical to securing the software supply chain and improving cybersecurity throughout the open source ecosystem. Watch this webinar to learn how to use SBOMs to effectively manage all your open source, third-party and commercial software, regardless of its origin, across all software deployment models including on-prem and SaaS.

Blog

The Need for Ongoing Software Developer Training

While there are currently thousands of institutions around the globe that train people in software development, only a fraction of them focus directly on code security. Surprisingly, even though software developers outnumber security specialists by roughly 80:1, many still believe that the responsibility to find and eradicate vulnerabilities rests only on security experts.

Webinars & Events

Open Source Exchange – November 2022

Watch Revenera and a panel of experts discuss trends in open source, regulatory changes, the criticality of implementing a Software Bill of Materials, what organizations should be doing, and what's happening in the software supply chain.

Video

Manage Your Software Supply Chain

Better manage your software supply chain with SBOM Insights from Revenera. SBOM Insights ingests data from a wide range of sources—both inside and outside your organization—and then unifies all SBOMs into a single actionable view.

Blog

SBOMs: It’s All About Transparency into the Complexity of Your Software

Over the past few years, the software industry has increasingly relied on open-source software. It’s rare to find an application that solely uses proprietary components, with most enlisting a mix of third-party and open-source components. While this has led to a greater scope of what applications can do, as well…

White Papers & Industry Reports

Business Drivers of SBOM Adoption

The Software Bill of Materials (SBOM) enables software-producing organizations to provide transparency to customers and downstream supply chain partners by disclosing the composition of their applications. Producing complete, accurate SBOMs supports better management of licensing and security risk within applications.

Data Sheets

SBOM Insights for Intelligent SBOM Management

Manage a complete Software Bill of Materials in a SaaS environment and ingest data from a wide range of sources, unifying internal and external SBOMs across your organization.

Blog

The Role of OpenChain Conformance

The OpenChain Standard defines the key requirements that are needed when constructing a high-quality open-source program. This standard was designed and elaborated by the OpenChain Project and has been the go-to international standard for open-source license compliance since 2016. The central goal of the OpenChain Standard is to ensure…

Webinars & Events

A New, More Effective Way to Create and Manage SBOMs

Register to learn about the latest technology that helps you effectively manage all your open-source, third-party and commercial software, regardless of where it originates, and much more in this Revenera webinar, where you'll be able to see it in action.

Blog

Everything Your Business Needs to Know About SBOMs

On May 12, 2021, the White House released an Executive Order (EO) that outlined guidelines for improving the cybersecurity of the United States. After many high-profile cybersecurity breaches related to exploits of widely used open source software, the Federal Government moved to learn from past exploits and…

Blog

How the U.S. Executive Order Is Shaping the Software Supply Chain Going Forward

Early in December 2021, the international cybersecurity community mobilized in response to the discovery of the Log4j vulnerability. This critical vulnerability was in Apache Log4j, a logging library used across millions of Java-based applications. The vulnerability, known as Log4Shell, rated a 10/10 on the CVSS…

Webinars & Events

Reduce Software Supply Chain Uncertainty

Join Forrester's Senior Analyst, Janet Worthington, and Revenera's Senior Director of Product Management, Alex Rybak, as they provide clarity on the role of the software bill of materials (SBOM) and steps for improved software supply chain integrity.

Webinars & Events

Building a Successful Open Source Program Office

Hear from industry-leading experts why Open Source Program Offices (OSPOs) are important and learn not only how to get started, but which stakeholders should play critical roles in your OSPO, in this Revenera and DevOps webinar.

Blog

June Newsletter: The Latest Buzz in Software Composition Analysis Professional Services

In The News:
Software Composition Analysis Certification for Legal Professionals
Log4j: Come out, come out wherever you are!
Spring4Shell: Deep breath. Don't panic. Mitigate.
Field Notes: Understanding GPL Linking Exceptions
The Legal Side of Compliance and Security in M&A and Software Auditing (Panel Discussion)
Trends 2021 – 2022 Audit…

Video

Legal Attribution for OSS Authors

When open source components are used, that code is authored by someone who licenses the use of the code to others. Licenses vary and so do the legal obligations of the user. Listen to this podcast to learn about attribution obligations.

White Papers & Industry Reports

IDC Analyst Brief: The Open Source Blind Spot Putting Businesses at Risk

IDC analysts explain why having a plan for protecting the software supply chain that includes a robust SCA solution, SBOM creation, and an open source license compliance and security policy is essential.

Data Sheets

User's Guide to Open Source Licenses

Not all open source licenses are the same. Users must adhere to individual license requirements, like preserving copyrights and license text, and providing attribution. Learn more about some of the popular licenses and get a helpful license compliance checklist.

Webinars & Events

Open Source Exchange: The Legal Side of Compliance and Security in M&A and Software Auditing

Join legal experts in this Revenera panel discussion to learn more about what’s happening in the software supply chain and setting legal best practices for helping your clients and organizations through the complexity of open source use.

Blog

What’s Trending with SBOMs, Developers, and Code Scanning

Those involved in the world of software development are used to continuous change, high expectations, and industry interruptions that require constant pivoting, but the last couple of years have challenged the most stalwart of professionals. There was the pandemic beginning in 2020 that may have long-lasting impact. In 2021, we…

Data Sheets

Automate Third-Party Attribution for Open Source Licenses

Licenses vary and so do the legal obligations of the user. Attribution for the author is one of those necessary obligations. Code Insight from Revenera automatically satisfies this requirement by generating complete third-party notices with just the push of a button.

Video

Understanding the Exploitability of Spring4Shell

The Spring4Shell vulnerability can be exploited when an attacker sends a specially crafted HTTP request to a web application running the Spring Core framework. Listen to this podcast to learn what it is and what steps to take.

Blog

Spring4Shell: Deep breath. Don’t panic. Mitigate.

Development and security teams, software creators, and companies alike were hit once again with another vulnerability when news spread online of the disclosure of a PoC for an unauthenticated zero-day vulnerability in Spring Core. CVE-2022-22965, nicknamed Spring4Shell, is an RCE vulnerability in one of the most popular…

Video

Understanding GPL Linking Exceptions

An open source audit expert explains the difference between static and dynamic linking, how users can avoid conflicts with LGPL-licensed code, and the basics of GPL linking exceptions.

Webinars & Events

Open Source Exchange: Security and License Compliance Challenges in the Year Ahead

Listen to our expert open source panel as they discuss Log4j, legal developments resulting from GPL enforcement actions and SBOM mandates, the status of the cybersecurity executive order and its long-lasting effects, and more.

Blog

Log4j: Come out, come out wherever you are!

On December 10th, 2021, a critical vulnerability was found in Log4j. It impacts almost every organization that develops applications in Java or uses third-party software. Vulnerabilities get discovered every day. However, due to the impact and widespread use of Log4j, this vulnerability is driving a serious discussion on the…

Video

Log4j weary? How to move forward.

Experts talk about key learnings from the Log4Shell vulnerability, SBOM initiatives, ongoing diligence, and the importance of being proactive in understanding what’s in your code.

Webinars & Events

A Legal View on Open Source License Compliance

Revenera's VP & Associate General Counsel, Marty Mellican, and GTC Law Group Principal Leon Schwartz discuss the Executive Order on improving the nation's cybersecurity, GPL enforcement actions, emerging technology, open source and more in this one-hour webinar.

Blog

Open Source: Trouble because of sudden license changes

Open source does not mean that the code may be used without restriction: its use is subject to conditions set by the author (copyright holder) in the form of a license. Recently, Bitsea observed that some open source projects maintained by commercial companies have changed their…

Video

Has the Dust Settled on Log4j?

Where are we now with Log4j? What’s been the fallout? In this podcast we'll talk about what we learned from it to apply to processes going forward to better prepare for the next Log4Shell-type vulnerability down the road.