Resources

In The News Software Composition Analysis Certification for Legal Professionals Log4j: Come out, come out wherever you are! Spring4Shell: Deep breath. Don’t panic. Mitigate. Field Notes: Understanding GPL Linking Exceptions The Legal Side of of Compliance and Security in M&A and Software Auditing (Panel Discussion) Trends 2021 – 2022 Audit…

When open source components are used, that code is authored by someone who licenses the use of the code to others. Licenses vary and so do the legal obligations of the user. Listen to this podcast to learn about attribution obligations.

IDC analysts explain why having a plan for protecting the software supply chain that includes a robust SCA solution, SBOM creation, and an open source license compliance and security policy is essential.

Not all open source licenses are the same. Users must adhere to individual license requirements,
like preserving copyrights and license text, and providing attribution. Learn more about some of the popular licenses and get a helpful license compliance checklist.

Join legal experts in this Revenera panel discussion to learn more about what’s happening in the software supply chain and setting legal best practices for helping your clients and organizations through the complexity of open source use.

Those involved in the world of software development are used to continuous change, high expectations, and industry interruptions that require constant pivoting, but the last couple of years have challenged the most stalwart of professionals. There was the pandemic beginning in 2020 that may have long-lasting impact. In 2021, we…

Licenses vary and so do the legal obligations of the user. Attribution for the author is one of those necessary obligations. Code Insight from Revenera automatically satisfies this requirement by generating complete third-party notices with just the push of a button.

The Spring4Shell vulnerability can be exploited when an attacker sends a specially crafted query to a web server running the Spring Core framework. Listen to this podcast to learn what it is and steps to take.

Development and security teams, software creators, and companies alike were hit once again with another vulnerability when news made its way online of a disclosure of a PoC for an unauthenticated zero-day vulnerability in Spring Core. The disclosure of CVE-2022-22965—nicknamed Spring4Shell—is an RCE vulnerability in one of the most popular…

Expert in open source audit analysis explains the difference between Static linking and Dynamic linking, how users can avoid conflict with LGPL licensed code, and a clear explanation on the basics of GPL linking exceptions.

Listen to our expert open source panel as they discuss topics such as; Log4j; 
legal developments resulting from GPL enforcement actions and SBOM mandates, the status of the cybersecurity executive order and long-lasting affects and more.

On December 10th, 2021, a critical vulnerability was found in Log4j.  It impacts almost every organization which develops applications in Java, or that uses third-party software.  Vulnerabilities get discovered every day.  However, due to the impact and widespread use of log4j, this vulnerability is driving a serious discussion on the…

Experts talk about key learnings from the Log4Shell vulnerability, SBOM initiatives, ongoing diligence, and the importance of being proactive in understanding what’s in your code.

Revenera’s VP & Associate General Counsel, Marty Mellican and GTC Law Group’s, Principal, Leon Schwartz are joined to discuss, the Executive Order on improving the nation’s cybersecurity, GPL enforcement actions, emerging technology, open source and and many more will be explored in this one hour webinar.

Open Source does not mean that the use of the code is allowed without any restriction: The use is subject to conditions which are formulated by the author (copyright holder) in the form of a license. Recently, Bitsea observed some Open Source projects maintained by commercial companies have changed their…

Where are we now with Log4j? What’s been the fallout? In this podcast we'll talk about what we learned from it to apply to processes going forward to better prepare for the next Log4Shell-type vulnerability down the road.

The bizarre case of the author who corrupted his own npm packages – colors.js and faker.js. Originally reported by Bleeping Computer on Jan 9th the author of npm packages colors.js and faker.js, Marak Squires, has intentionally committed corrupt versions of each to his public GitHub repositories that trigger infinite loops…

In direct response to the Log4j vulnerability, the United States Federal Trade Commission published an alert. Net? If your company does not take proactive steps to prepare for future vulnerabilities like Log4Shell, not only do you risk legal and financial damage to your business because of hacks and data breaches,…

The software industry’s reliance on open source, an increase in OSS dependencies, and the frequency of newly reported security exploits has set up a perfect storm for supply chain security. Learn more in this report, complete with relevant data for your business.

 

Vulnerabilities that affect the supply chain of software and its distribution are easily among the most terrifying experiences any company involved must endure. Such vulnerabilities typically affect a wide range of different parties who use the affected software or parts thereof and who may distribute them further down the road.…

Mitigate your log4j vulnerability risk with this guide to steps you should take now to help secure your applications.

Download and run this free scanner to discover the Log4j vulnerability in your software.

Watch this podcast for everything you need to know about the critical Apache Log4j security vulnerability, including what it is, potential impact, and important steps you should take now.

Revenera experts discuss key considerations focusing on supply chain security including actionable steps when looking to implement or consider supply chain security and license compliance.

Revenera experts discuss key considerations focusing on supply chain security including application security and the importance of the Software Bill of Materials.

Practical advice to managing a security issue when one comes up and how to get ahead of future security problems.

Join Revenera’s Director of Product Management, Alex Rybak, as he uncovers and provides insights regarding the complex factors facing the software supply chain.

Once an organization has taken on a security initiative, what is the benefit to integrating security with a Software Composition Analysis solution? Learn more.

If you’re not scrambling to contain and fix this vulnerability, do so now. It’s a doozy folks! Every organization using third-party software or developing custom applications with the Java programming language is potentially impacted. All current versions of log4j2 up to 2.14.1 are vulnerable. Log4j is a very popular logging…

No matter what industry you are in, your company’s code most definitely contains code from someone else.  Today’s software is not written from scratch, but rather assembled from parts.  These parts mostly originate from open source software that’s freely available from the internet.  However, your awareness should not be limited…

Notes from the Field: SCA Analysts and Code Insight Product Trainers talk Observations, Trends and Findings. I find the subject of GPL Linking Exceptions resurfacing often, whether I’m on a SBOM review call with an audit client, advising on Remediation Practices and open source license policy creation, or simply refreshing…

The responsibility for security and license compliance in your software falls to security, developer and legal teams. What happens when an issue comes up that requires fast remediation?

Cyber threats are more real today than ever before. The industry is responding with new regulations. Get the right advice for a successful cyber program.

In the second installment of Revenera’s Open Source Exchange, a panel of experts will discuss why it’s important to look left, consider the current open source software landscape, and begin laying a proactive foundation to deal with inevitable changes around license governance and vulnerability management.

Perhaps you’ve seen the delightfully clever new ad for the iPhone and Apple Watch integration, in which a farmer taps a button on his watch that then signals his phone, lost in a huge haystack, to beep. He reaches in and finds it in seconds. Pre-Apple Watch, we might characterize…

When most of us want to leave 2020 behind as a year of unquestionable struggle, we can’t ignore the impact it’s had, specifically on the need for organizations to step up their efforts to meet changing digital transformation requirements. We’ve been talking about it for a while. You may think…

Open Source Exchange is a free, online ninety-minute experience that brings together security, engineering, and legal decision-makers to better understand the open source landscape. Expert panelists will discuss and answer key questions.

A little more than a week before the Colonial Pipeline attack, two government agencies issued an overview and guidance on how software buyers and vendors could identify, assess and mitigate software supply chain risks. In that 16-page document, “Defending Against Software Supply Chain Attacks” the National Institute of Standards and…

Security breaches are on the rise and no strategy is complete. If you are in software development, security, or compliance, learn more about implementing software composition analysis to manage risk associated with software applications.

Hear from Dr Andreas Kotulla of Bitsea and Revenera expert Nicole Segerer how to manage use of open source securely and legally. (German language webinar)

Manage license compliance and security vulnerabilities in your software components with Revenera Software Composition Analysis.

In this Knowledge Brief, Aberdeen reports that nearly half of security-related issues uncovered in nearly 200 audit projects had a high severity rating. Find out more.

Join us as we cover the basics of open source software, discuss the licensing and security-related risks associated with open source use, and provide you with a starting point for setting legal best practices around open source governance.

In this webinar, experts from Fenwick & West LLP and Revenera will address the copyright issues in the Google v Oracle case on appeal before the U.S. Supreme Court, and the legal implications of the Court’s decision for OSS compliance policies.

Learn more about Revenera’s Software Composition Analysis and Software Monetization solutions and how we help you build better software products, accelerate your time to value, and monetize what matters most.

Join this webinar with Dr. Andreas Kotulla, Founder & Managing Director of Bitsea, and Michael Lelchuk, Manager of Professional Services from Revenera, and learn more about the need for deep code scanning analysis.

It’s imperative to make sure processes supporting your open source environment are dynamic in order to meet the changing needs of both open source license requirements and market shifts. Learn more in this eBook.

Join Revenera software monetization and open source software experts to learn how software organizations can maximize their revenue through license compliance and open source software management.