Read about open source, SBOMs, licensing, SCA, and compliance
from the nexB team.

FOSS Daily for licensing “hygiene” and vulnerability compliance

Pay attention to your software – especially your open source components – as a daily habit.

PURLs of Wisdom: Universal software package identification

Accurately identify third-party software packages with PURL.

Non-Vulnerable Dependency Resolution

Dependencies may come with vulnerabilities that can be exploited by attackers.

ScanCode LicenseDB: 2,000+ licenses curated in a public database

The ScanCode LicenseDB is all about identifying a wide variety of licenses that are actually found in software.

What is a Dual License Anyway?

Make it easier for users and remove the word “Dual” from your software project notice vocabulary.

SCA the FOSS Way – Part 1: Software Composition Analysis

SCA is critical for modern software development – for both proprietary and open source software.

Do you really need to update the copyright each new year?

Developers update their project’s copyright notices at each new year, but why is it needed?

VulnerableCode v31 expands vulnerability coverage

VulnTotal cross-validates vulnerability coverage across other checking tools and databases.

There and back again: A software versioning story

One software version control to rule them (modern software development) all?

Providing Clarity on License Clarity Scoring in ScanCode

When automating SCA, License Clarity Scoring helps determine if scan results require more review.

VulnerableCode: Find FOSS vulnerabilities, improve FOSS security

Automate finding FOSS component security vulnerabilities, using open data and FOSS tools.

VulnerableCode v30 publicly available with new UI and API access

VulnerableCode is as a free and open database of open source software package vulnerabilities.

Google Summer of Code: Open source SCA tools with AboutCode

nexB is a mentor organization for student developers to work on open source development.

nexB on Software Bill of Materials and Software Composition Analysis

We’ve never seen anything that raises the urgency for Software Composition Analysis like this.

nexB on GPL 3.0 and Related License Compliance Issues

The severity of Copyleft license-related issues depends on the context of OSS license policies.

Using Copyleft-licensed software components in a Java application

Key considerations while using Copyleft-licensed software components in a Java application.

Importance of snippet matching for software provenance analysis

Is snippet matching worth the resources involved for FOSS compliance?

How much documentation for a software project?

There is never enough documentation! Docs encourage users to discover more.

What are the membership levels in the Linux Foundation?

Open Source Stack Exchange answers questions about the business of open source.

Open Source Stack Exchange: Can a team be a copyright holder?

Concise copyright statements are better for both your team and your users.

Is a page that contains Javascript considered redistribution?

JavaScript in a web page is code redistributed to whoever loads this page in their browser.

Wix vs. WordPress and what we can learn about the GPL

“If I were being honest, I’d say that Wix copied WordPress without attribution…”

Software Dependencies: A not-too-technical guide

Larger software systems and products are assembled from many software components.

What are the Benefits of Using Open Source Software?

Free/Libre Open Source Software (FLOSS) refers to freedom (libre), not price.

What is Open Source Software (OSS)? And Is It Free to Use?

Open source software (OSS) is software composed of source code open to the general public.

Best Practices for Open Source Software (OSS) Attribution

What is actually legally required? What is the best way to meet FOSS attribution obligations?

OSS Attribution Case Study: DataTables and Healthcare.gov

Developers are not likely to do a good job fulfilling OSS obligations without clear guidance.

Ensuring software license compliance can be difficult.

We can help.