Resources

The bizarre case of the author who corrupted his own npm packages – colors.js and faker.js. Originally reported by Bleeping Computer on Jan 9th the author of npm packages colors.js and faker.js, Marak Squires, has intentionally committed corrupt versions of each to his public GitHub repositories that trigger infinite loops…

In direct response to the Log4j vulnerability, the United States Federal Trade Commission published an alert. Net? If your company does not take proactive steps to prepare for future vulnerabilities like Log4Shell, not only do you risk legal and financial damage to your business because of hacks and data breaches,…

The software industry’s reliance on open source, an increase in OSS dependencies, and the frequency of newly reported security exploits has set up a perfect storm for supply chain security. Learn more in this report, complete with relevant data for your business.

 

Vulnerabilities that affect the supply chain of software and its distribution are easily among the most terrifying experiences any company involved must endure. Such vulnerabilities typically affect a wide range of different parties who use the affected software or parts thereof and who may distribute them further down the road.…

Mitigate your log4j vulnerability risk with this guide to steps you should take now to help secure your applications.

Download and run this free scanner to discover the Log4j vulnerability in your software.

Watch this podcast for everything you need to know about the critical Apache Log4j security vulnerability, including what it is, potential impact, and important steps you should take now.

Revenera experts discuss key considerations focusing on supply chain security including actionable steps when looking to implement or consider supply chain security and license compliance.

Revenera experts discuss key considerations focusing on supply chain security including application security and the importance of the Software Bill of Materials.

Practical advice to managing a security issue when one comes up and how to get ahead of future security problems.

Join Revenera’s Director of Product Management, Alex Rybak, as he uncovers and provides insights regarding the complex factors facing the software supply chain.

Once an organization has taken on a security initiative, what is the benefit to integrating security with a Software Composition Analysis solution? Learn more.

If you’re not scrambling to contain and fix this vulnerability, do so now. It’s a doozy folks! Every organization using third-party software or developing custom applications with the Java programming language is potentially impacted. All current versions of log4j2 up to 2.14.1 are vulnerable. Log4j is a very popular logging…

No matter what industry you are in, your company’s code most definitely contains code from someone else.  Today’s software is not written from scratch, but rather assembled from parts.  These parts mostly originate from open source software that’s freely available from the internet.  However, your awareness should not be limited…

Notes from the Field: SCA Analysts and Code Insight Product Trainers talk Observations, Trends and Findings. I find the subject of GPL Linking Exceptions resurfacing often, whether I’m on a SBOM review call with an audit client, advising on Remediation Practices and open source license policy creation, or simply refreshing…

The responsibility for security and license compliance in your software falls to security, developer and legal teams. What happens when an issue comes up that requires fast remediation?

Cyber threats are more real today than ever before. The industry is responding with new regulations. Get the right advice for a successful cyber program.

In the second installment of Revenera’s Open Source Exchange, a panel of experts will discuss why it’s important to look left, consider the current open source software landscape, and begin laying a proactive foundation to deal with inevitable changes around license governance and vulnerability management.

Revenera takes a quick look at license compliance and vulnerability management data in this mid-year report. Learn where open source governance is headed and walk away with some actionable key takeaways to get a jump on 2022.

Perhaps you’ve seen the delightfully clever new ad for the iPhone and Apple Watch integration, in which a farmer taps a button on his watch that then signals his phone, lost in a huge haystack, to beep. He reaches in and finds it in seconds. Pre-Apple Watch, we might characterize…

When most of us want to leave 2020 behind as a year of unquestionable struggle, we can’t ignore the impact it’s had, specifically on the need for organizations to step up their efforts to meet changing digital transformation requirements. We’ve been talking about it for a while. You may think…

Join Alex Rybak, Revenera and Matias Madou, Secure Code Warrior to discuss why closing this gap is important to help engineering teams and their leaders better understand the impact of open source software on an organization’s ability to create and deliver risk-free solutions.

Open Source Exchange is a free, online ninety-minute experience that brings together security, engineering, and legal decision-makers to better understand the open source landscape. Expert panelists will discuss and answer key questions.

A little more than a week before the Colonial Pipeline attack, two government agencies issued an overview and guidance on how software buyers and vendors could identify, assess and mitigate software supply chain risks. In that 16-page document, “Defending Against Software Supply Chain Attacks” the National Institute of Standards and…

Security breaches are on the rise and no strategy is complete. If you are in software development, security, or compliance, learn more about implementing software composition analysis to manage risk associated with software applications.

Hear from Dr Andreas Kotulla of Bitsea and Revenera expert Nicole Segerer how to manage use of open source securely and legally. (German language webinar)

Manage license compliance and security vulnerabilities in your software components with Revenera Software Composition Analysis.

In this Knowledge Brief, Aberdeen reports that nearly half of security-related issues uncovered in nearly 200 audit projects had a high severity rating. Find out more.

Join us as we cover the basics of open source software, discuss the licensing and security-related risks associated with open source use, and provide you with a starting point for setting legal best practices around open source governance.

In this report, Revenera compiled license compliance and vulnerability data from 2020 audit services projects to create a snap shot of the state of open source compliance in the industry today.

In this webinar, experts from Fenwick & West LLP and Revenera will address the copyright issues in the Google v Oracle case on appeal before the U.S. Supreme Court, and the legal implications of the Court’s decision for OSS compliance policies.

Alex Rybak, Director of Product Management at Revenera, and Russ Eling, founder and CEO of OSS Engineering Consultants, share their top 10 open source usage, license compliance and security insights for 2021.

Learn more about Revenera’s Software Composition Analysis and Software Monetization solutions and how we help you build better software products, accelerate your time to value, and monetize what matters most.

Join this webinar with Dr. Andreas Kotulla, Founder & Managing Director of Bitsea, and Michael Lelchuk, Manager of Professional Services from Revenera, and learn more about the need for deep code scanning analysis.

It’s imperative to make sure processes supporting your open source environment are dynamic in order to meet the changing needs of both open source license requirements and market shifts. Learn more in this eBook.

Join Revenera software monetization and open source software experts to learn how software organizations can maximize their revenue through license compliance and open source software management.

This course is intended for legal counsel to acquire Revenera certification for Open Source Software (OSS) use within internal applications, for M&A and other due diligence efforts, and in product development and distribution.

Open Source Central is a webinar resource center containing educational content from open source experts from industry, specialist industry bodies.

In this webinar with Alex Rybak, Director of Product Management at Revenera, learn more about the impact of change in the world of open source software and the processes supported by software development teams.

Join Leon Schwartz, Associate at GTC Law Group, and Amy Chun, Partner at Knobbe Martens to learn how to raise the level of open source awareness and managemen to make the Mergers & Acquisitions process smoother.

Join Martin Callinan, founder of Source Code Control, and Alex Rybak, Director of Product Management at Revenera for a webinar to learn how software vulnerabilities can enter the software supply chain, how these vulnerabilities have been exploited and the business impact created, and much more.

Using open source software creates a responsibility to manage the associated risks surrounding security, license compliance and quality.

Leon Schwartz, Associate at GTC Law Group, and Marty Mellican, Associate General Counsel at Revenera, look back at 2019 in this webinar and show us how open source trends are shaping open source legal responsibilities and approaches.

Read this Knowledge Brief and learn more critical data points from pointing to how managing open source risk the right way opens organizations up to making well-informed business decisions.

Join Revenera’s Kendra Morton and Dave McLoughlin for this webinar as they help companies better understand the current state of open source license compliance and security, with insights from Revenera’s 2020 License Compliance Research Report.

Using open source software comes with potential risk and therefore responsibilities. Get the facts on license compliance and take the right steps for transparency and control.

In this report, Revenera compiled license compliance and vulnerability data from 2019 audit services projects, and highlights key data points about open source license compliance.

With the regulatory changes by the Payment Card Industry Security Standards Council (PCI SSC) related to the development and management of payment application software focused on open source scanning, Revenera conducted an interview with several experts to address frequently asked questions.