Resources

Blog

The story behind colors.js and faker.js

The bizarre case of the author who corrupted his own npm packages – colors.js and faker.js. Originally reported by Bleeping Computer on Jan 9th, the author of npm packages colors.js and faker.js, Marak Squires, has intentionally committed corrupt versions of each to his public GitHub repositories that trigger infinite loops…

Blog

The FTC’s warning to companies about the failure to protect against open source vulnerabilities

In direct response to the Log4j vulnerability, the United States Federal Trade Commission published an alert. Net? If your company does not take proactive steps to prepare for future vulnerabilities like Log4Shell, not only do you risk legal and financial damage to your business because of hacks and data breaches,…

White Papers & Industry Reports

Revenera's 2022 Report on Software Supply Chain Compliance

The software industry’s reliance on open source, an increase in OSS dependencies, and the frequency of newly reported security exploits have set up a perfect storm for supply chain security. Learn more in this report, complete with relevant data for your business.

Blog

Software supply-chain vulnerabilities: A close look on code

 

Vulnerabilities that affect the supply chain of software and its distribution are easily among the most terrifying experiences any company involved must endure. Such vulnerabilities typically affect a wide range of different parties who use the affected software or parts thereof and who may distribute them further down the road.…

Data Sheets

Log4j: Steps to Take Now

Mitigate your log4j vulnerability risk with this guide to steps you should take now to help secure your applications.

Demo & Trials

Code Aware for Log4j

FREE TOOL

Download and run this free scanner to discover the Log4j vulnerability in your software.

Video

The Apache Log4j Security Vulnerability

Watch this podcast for everything you need to know about the critical Apache Log4j security vulnerability, including what it is, potential impact, and important steps you should take now.

Video

The Software Supply Chain: Episode 2

Revenera experts discuss key considerations focusing on supply chain security including actionable steps when looking to implement or consider supply chain security and license compliance.

Video

The Software Supply Chain: Episode 1

Revenera experts discuss key considerations focusing on supply chain security including application security and the importance of the Software Bill of Materials.

Video

Managing a Security Incident in an Application

Practical advice for managing a security issue when one comes up and how to get ahead of future security problems.

Webinars & Events

What’s on the Horizon for the Software Supply Chain?

Join Revenera’s Director of Product Management, Alex Rybak, as he uncovers and provides insights regarding the complex factors facing the software supply chain.

Video

Take Care of Your Software Applications with SCA

Once an organization has taken on a security initiative, what is the benefit to integrating security with a Software Composition Analysis solution? Learn more.

Blog

What you need to know about the Log4j security vulnerability

If you’re not scrambling to contain and fix this vulnerability, do so now. It’s a doozy, folks! Every organization using third-party software or developing custom applications with the Java programming language is potentially impacted. All current versions of log4j2 up to 2.14.1 are vulnerable. Log4j is a very popular logging…

Blog

When is the right time to conduct an open source audit?

No matter what industry you are in, your company’s code most definitely contains code from someone else. Today’s software is not written from scratch, but rather assembled from parts. These parts mostly originate from open source software that’s freely available from the internet. However, your awareness should not be limited…

Blog

Field Notes: Understanding GPL Linking Exceptions

Notes from the Field: SCA Analysts and Code Insight Product Trainers talk Observations, Trends and Findings. I find the subject of GPL Linking Exceptions resurfacing often, whether I’m on a SBOM review call with an audit client, advising on Remediation Practices and open source license policy creation, or simply refreshing…

Video

Get Security and Compliance Back on Track

The responsibility for security and license compliance in your software falls to security, developer and legal teams. What happens when an issue comes up that requires fast remediation?

Video

Launch a Successful Cybersecurity Program

Cyber threats are more real today than ever before. The industry is responding with new regulations. Get the right advice for a successful cyber program.

Webinars & Events

Open Source Exchange

In the second installment of Revenera’s Open Source Exchange, a panel of experts will discuss why it’s important to look left, consider the current open source software landscape, and begin laying a proactive foundation to deal with inevitable changes around license governance and vulnerability management.

White Papers & Industry Reports

2021 Mid-Year License Compliance Snapshot

Revenera takes a quick look at license compliance and vulnerability management data in this mid-year report. Learn where open source governance is headed and walk away with some actionable key takeaways to get a jump on 2022.

Blog

How developers can drive open source compliance

Perhaps you’ve seen the delightfully clever new ad for the iPhone and Apple Watch integration, in which a farmer taps a button on his watch that then signals his phone, lost in a huge haystack, to beep. He reaches in and finds it in seconds. Pre-Apple Watch, we might characterize…

Blog

Automation is King. Good News for Today’s Software Development Teams.

When most of us want to leave 2020 behind as a year of unquestionable struggle, we can’t ignore the impact it’s had, specifically on the need for organizations to step up their efforts to meet changing digital transformation requirements. We’ve been talking about it for a while. You may think…

Webinars & Events

How to close the avoidance and remediation gap in Open Source Compliance

Webinar

Join Alex Rybak, Revenera, and Matias Madou, Secure Code Warrior, to discuss why closing this gap is important to help engineering teams and their leaders better understand the impact of open source software on an organization’s ability to create and deliver risk-free solutions.

Webinars & Events

Open Source Exchange

Open Source Exchange is a free, online ninety-minute experience that brings together security, engineering, and legal decision-makers to better understand the open source landscape. Expert panelists will discuss and answer key questions.

Blog

Will your customers want proof of a secure software supply chain?

A little more than a week before the Colonial Pipeline attack, two government agencies issued an overview and guidance on how software buyers and vendors could identify, assess and mitigate software supply chain risks. In that 16-page document, “Defending Against Software Supply Chain Attacks” the National Institute of Standards and…

Webinars & Events

Incorporating Software Composition Analysis into Your Secure Application Strategy

Security breaches are on the rise and no strategy is complete. If you are in software development, security, or compliance, learn more about implementing software composition analysis to manage risk associated with software applications.

Webinars & Events

Compliance and Security in Open Source

Hear from Dr Andreas Kotulla of Bitsea and Revenera expert Nicole Segerer on how to manage the use of open source securely and legally. (German language webinar)

Video

Know What’s in Your Code

Manage license compliance and security vulnerabilities in your software components with Revenera Software Composition Analysis.

White Papers & Industry Reports

Aberdeen Knowledge Brief. Open Source, With Eyes Wide Open

Report

In this Knowledge Brief, Aberdeen reports that nearly half of security-related issues uncovered in nearly 200 audit projects had a high severity rating. Find out more.

Webinars & Events

The Legalities of Open Source Software 101: Mitigating Legal Risk

Join us as we cover the basics of open source software, discuss the licensing and security-related risks associated with open source use, and provide you with a starting point for setting legal best practices around open source governance.

White Papers & Industry Reports

2021 Open Source License Compliance Report

Research Report

In this report, Revenera compiled license compliance and vulnerability data from 2020 audit services projects to create a snapshot of the state of open source compliance in the industry today.

Webinars & Events

Google v Oracle and the Legal Implications for Open Source Compliance Policies

In this webinar, experts from Fenwick & West LLP and Revenera will address the copyright issues in the Google v Oracle case on appeal before the U.S. Supreme Court, and the legal implications of the Court’s decision for OSS compliance policies.

Webinars & Events

2021 Open Source Governance: Top Ten Trends and Predictions

Webinar

Alex Rybak, Director of Product Management at Revenera, and Russ Eling, founder and CEO of OSS Engineering Consultants, share their top 10 open source usage, license compliance and security insights for 2021.

Data Sheets

Manage and Monetize Your Software, SaaS and IoT Solutions

Learn more about Revenera’s Software Composition Analysis and Software Monetization solutions and how we help you build better software products, accelerate your time to value, and monetize what matters most.

Webinars & Events

Getting Real About The Complexity of Auditing Linux

Join this webinar with Dr. Andreas Kotulla, Founder & Managing Director of Bitsea, and Michael Lelchuk, Manager of Professional Services from Revenera, and learn more about the need for deep code scanning analysis.

White Papers & Industry Reports

Your Code Isn’t Static. Evolve Your Open Source Processes

EBook

It’s imperative to make sure processes supporting your open source environment are dynamic in order to meet the changing needs of both open source license requirements and market shifts. Learn more in this eBook.

Webinars & Events

Avoid Unhappy Returns - Proactively Plug Your Revenue Leaks

Join Revenera software monetization and open source software experts to learn how software organizations can maximize their revenue through license compliance and open source software management.

Webinars & Events

Revenera Certification with Legal Professionals

This course is intended for legal counsel to acquire Revenera certification for Open Source Software (OSS) use within internal applications, for M&A and other due diligence efforts, and in product development and distribution.

Webinars & Events

Open Source Central

Open Source Central is a webinar resource center containing educational content from open source experts from industry and specialist industry bodies.

Webinars & Events

Your Code Isn’t Static, Your Software Development Processes Shouldn’t Be Either

Webinar

In this webinar with Alex Rybak, Director of Product Management at Revenera, learn more about the impact of change in the world of open source software and the processes supported by software development teams.

Webinars & Events

Open Source Central: Focus on Open Source Compliance and Security During Legal Transactions

Join Leon Schwartz, Associate at GTC Law Group, and Amy Chun, Partner at Knobbe Martens, to learn how to raise the level of open source awareness and management to make the Mergers & Acquisitions process smoother.

Webinars & Events

Open Source Central: What is a Secure Software Development Framework?

Join Martin Callinan, founder of Source Code Control, and Alex Rybak, Director of Product Management at Revenera, for a webinar to learn how software vulnerabilities can enter the software supply chain, how these vulnerabilities have been exploited and the business impact created, and much more.

Data Sheets

Creating and Maintaining Trust with Open Source Software

Using open source software creates a responsibility to manage the associated risks surrounding security, license compliance and quality.

Webinars & Events

A Year in Legal Review for Open Source Licensing

Leon Schwartz, Associate at GTC Law Group, and Marty Mellican, Associate General Counsel at Revenera, look back at 2019 in this webinar and show us how open source trends are shaping open source legal responsibilities and approaches.

White Papers & Industry Reports

Open Source Software: Get More Value, Manage Your Risks

Read this Knowledge Brief and learn more critical data points pointing to how managing open source risk the right way opens organizations up to making well-informed business decisions.

Webinars & Events

Insights and Trends to Evolve Your Compliance and Security Practices

Webinar

Join Revenera’s Kendra Morton and Dave McLoughlin for this webinar as they help companies better understand the current state of open source license compliance and security, with insights from Revenera’s 2020 License Compliance Research Report.

White Papers & Industry Reports

Chasing Open Source License Compliance: Get the Facts

Using open source software comes with potential risk and therefore responsibilities. Get the facts on license compliance and take the right steps for transparency and control.

White Papers & Industry Reports

The 2020 License Compliance Research Report

In this report, Revenera compiled license compliance and vulnerability data from 2019 audit services projects, and highlights key data points about open source license compliance.

Data Sheets

Protecting Cardholder Data and Meeting PCI Software Security Standards

With the regulatory changes by the Payment Card Industry Security Standards Council (PCI SSC) related to the development and management of payment application software focused on open source scanning, Revenera conducted an interview with several experts to address frequently asked questions.