Resources
Blog
June Newsletter: The Latest Buzz in Software Composition Analysis Professional Services
Video
Legal Attribution for OSS Authors
When open source components are used, that code is authored by someone who licenses the use of the code to others. Licenses vary and so do the legal obligations of the user. Listen to this podcast to learn about attribution obligations.
White Papers & Industry Reports
IDC Analyst Brief: The Open Source Blind Spot Putting Businesses at Risk
IDC analysts explain why having a plan for protecting the software supply chain that includes a robust SCA solution, SBOM creation, and an open source license compliance and security policy is essential.
Data Sheets
User's Guide to Open Source Licenses
Not all open source licenses are the same. Users must adhere to individual license requirements, like preserving copyrights and license text, and providing attribution. Learn more about some of the popular licenses and get a helpful license compliance checklist.
Webinars & Events
Open Source Exchange: The Legal Side of Compliance and Security in M&A and Software Auditing
Join legal experts in this Revenera panel discussion to learn more about what’s happening in the software supply chain and setting legal best practices for helping your clients and organizations through the complexity of open source use.
Blog
What’s Trending with SBOMs, Developers, and Code Scanning
Data Sheets
Automate Third-Party Attribution for Open Source Licenses
Licenses vary and so do the legal obligations of the user. Attribution for the author is one of those necessary obligations. Code Insight from Revenera automatically satisfies this requirement by generating complete third-party notices with just the push of a button.
Video
Understanding the Exploitability of Spring4Shell
The Spring4Shell vulnerability can be exploited when an attacker sends a specially crafted query to a web server running the Spring Core framework. Listen to this podcast to learn what it is and steps to take.
Blog
Spring4Shell: Deep breath. Don’t panic. Mitigate.
Video
Understanding GPL Linking Exceptions
An expert in open source audit analysis explains the difference between static linking and dynamic linking, how users can avoid conflict with LGPL-licensed code, and the basics of GPL linking exceptions.
Webinars & Events
Open Source Exchange: Security and License Compliance Challenges in the Year Ahead
Listen to our expert open source panel as they discuss topics such as Log4j, legal developments resulting from GPL enforcement actions and SBOM mandates, the status of the cybersecurity executive order and its long-lasting effects, and more.
Blog
Log4j: Come out, come out wherever you are!
Video
Log4j weary? How to move forward.
Experts talk about key learnings from the Log4Shell vulnerability, SBOM initiatives, ongoing diligence, and the importance of being proactive in understanding what’s in your code.
Webinars & Events
A Legal View on Open Source License Compliance
Revenera’s VP & Associate General Counsel, Marty Mellican, and GTC Law Group’s Principal, Leon Schwartz, discuss the Executive Order on improving the nation’s cybersecurity, GPL enforcement actions, emerging technology, open source, and more in this one-hour webinar.
Blog
Open Source: Trouble because of sudden license changes
Video
Has the Dust Settled on Log4j?
Where are we now with Log4j? What’s been the fallout? In this podcast we'll talk about what we learned from it to apply to processes going forward to better prepare for the next Log4Shell-type vulnerability down the road.
Blog
The story behind colors.js and faker.js
Blog
The FTC’s warning to companies about the failure to protect against open source vulnerabilities
White Papers & Industry Reports
Revenera's 2022 Report on Software Supply Chain Compliance
The software industry’s reliance on open source, an increase in OSS dependencies, and the frequency of newly reported security exploits have set up a perfect storm for supply chain security. Learn more in this report, complete with relevant data for your business.
Blog
Software supply-chain vulnerabilities: A close look on code
Vulnerabilities that affect the supply chain of software and its distribution are easily among the most terrifying experiences any company involved must endure. Such vulnerabilities typically affect a wide range of different parties who use the affected software or parts thereof and who may distribute them further down the road.…
Data Sheets
Log4j: Steps to Take Now
Mitigate your log4j vulnerability risk with this guide to steps you should take now to help secure your applications.
Demo & Trials
FREE TOOL Code Aware for Log4j
Download and run this free scanner to discover the Log4j vulnerability in your software.
Video
The Apache Log4j Security Vulnerability
Watch this podcast for everything you need to know about the critical Apache Log4j security vulnerability, including what it is, potential impact, and important steps you should take now.
Video
The Software Supply Chain: Episode 2
Revenera experts discuss key considerations focusing on supply chain security including actionable steps when looking to implement or consider supply chain security and license compliance.
Video
The Software Supply Chain: Episode 1
Revenera experts discuss key considerations focusing on supply chain security including application security and the importance of the Software Bill of Materials.
Video
Managing a Security Incident in an Application
Practical advice on managing a security issue when one comes up and on getting ahead of future security problems.
Webinars & Events
What’s on the Horizon for the Software Supply Chain?
Join Revenera’s Director of Product Management, Alex Rybak, as he uncovers and provides insights regarding the complex factors facing the software supply chain.
Video
Take Care of Your Software Applications with SCA
Once an organization has taken on a security initiative, what is the benefit of integrating security with a Software Composition Analysis solution? Learn more.
Blog
What you need to know about the Log4j security vulnerability
Blog
When is the right time to conduct an open source audit?
Blog
Field Notes: Understanding GPL Linking Exceptions
Video
Get Security and Compliance Back on Track
The responsibility for security and license compliance in your software falls to security, developer and legal teams. What happens when an issue comes up that requires fast remediation?
Video
Launch a Successful Cybersecurity Program
Cyber threats are more real today than ever before. The industry is responding with new regulations. Get the right advice for a successful cyber program.
Webinars & Events
Open Source Exchange
In the second installment of Revenera’s Open Source Exchange, a panel of experts will discuss why it’s important to look left, consider the current open source software landscape, and begin laying a proactive foundation to deal with inevitable changes around license governance and vulnerability management.
Blog
How developers can drive open source compliance
Blog
Automation is King. Good News for Today’s Software Development Teams.
Webinars & Events
Open Source Exchange
Open Source Exchange is a free, online ninety-minute experience that brings together security, engineering, and legal decision-makers to better understand the open source landscape. Expert panelists will discuss and answer key questions.
Blog
Will your customers want proof of a secure software supply chain?
Webinars & Events
Incorporating Software Composition Analysis into Your Secure Application Strategy
Security breaches are on the rise and no strategy is complete. If you are in software development, security, or compliance, learn more about implementing software composition analysis to manage risk associated with software applications.
Webinars & Events
Compliance and Security in Open Source
Hear from Dr Andreas Kotulla of Bitsea and Revenera expert Nicole Segerer how to manage use of open source securely and legally. (German language webinar)
Video
Know What’s in Your Code
Manage license compliance and security vulnerabilities in your software components with Revenera Software Composition Analysis.
White Papers & Industry Reports
Aberdeen Knowledge Brief. Open Source, With Eyes Wide Open
In this Knowledge Brief, Aberdeen reports that nearly half of security-related issues uncovered in nearly 200 audit projects had a high severity rating. Find out more.
Webinars & Events
The Legalities of Open Source Software 101: Mitigating Legal Risk
Join us as we cover the basics of open source software, discuss the licensing and security-related risks associated with open source use, and provide you with a starting point for setting legal best practices around open source governance.
Webinars & Events
Google v Oracle and the Legal Implications for Open Source Compliance Policies
In this webinar, experts from Fenwick & West LLP and Revenera will address the copyright issues in the Google v Oracle case on appeal before the U.S. Supreme Court, and the legal implications of the Court’s decision for OSS compliance policies.
Data Sheets
Manage and Monetize Your Software, SaaS and IoT Solutions
Learn more about Revenera’s Software Composition Analysis and Software Monetization solutions and how we help you build better software products, accelerate your time to value, and monetize what matters most.
Webinars & Events
Getting Real About The Complexity of Auditing Linux
White Papers & Industry Reports
Your Code Isn’t Static. Evolve Your Open Source Processes
It’s imperative to make sure processes supporting your open source environment are dynamic in order to meet the changing needs of both open source license requirements and market shifts. Learn more in this eBook.
Webinars & Events
Avoid Unhappy Returns- Proactively Plug Your Revenue Leaks
Join Revenera software monetization and open source software experts to learn how software organizations can maximize their revenue through license compliance and open source software management.