No matter what industry you are in, your company’s code most definitely contains code from someone else.  Today’s software is not written from scratch, but rather assembled from parts.  These parts mostly originate from open source software that’s freely available from the internet.  However, your awareness should not be limited…

Notes from the Field: SCA Analysts and Code Insight Product Trainers talk Observations, Trends and Findings. I find the subject of GPL Linking Exceptions resurfacing often, whether I’m on a SBOM review call with an audit client, advising on Remediation Practices and open source license policy creation, or simply refreshing…

 

The global pandemic’s impact on business continues to surface in both small and big ways, including security issues, work-from-home challenges, reopening approaches, and profit losses. Because of this new normal many organizations are engaging in strategies to migrate to the cloud and more seriously consider paths to digital transformation. For…

Perhaps you’ve seen the delightfully clever new ad for the iPhone and Apple Watch integration, in which a farmer taps a button on his watch that then signals his phone, lost in a huge haystack, to beep. He reaches in and finds it in seconds. Pre-Apple Watch, we might characterize…

When most of us want to leave 2020 behind as a year of unquestionable struggle, we can’t ignore the impact it’s had, specifically on the need for organizations to step up their efforts to meet changing digital transformation requirements. We’ve been talking about it for a while. You may think…

A little more than a week before the Colonial Pipeline attack, two government agencies issued an overview and guidance on how software buyers and vendors could identify, assess and mitigate software supply chain risks. In that 16-page document, “Defending Against Software Supply Chain Attacks” the National Institute of Standards and…