Case study: enhancing SBOMs with cdsbom at the Linux Foundation

Favorite Authors: Jeff Mendoza and Gary O’Neall Open Source licensing is a cornerstone of modern software development, enabling organizations to accelerate innovation by reusing existing components. However, accurately capturing licensing details in SBOMs (Software Bill of Materials) at scale is often challenging. Incomplete or inconsistent license data can lead to

Read More
Shared by voicesofopensource August 5, 2025

Improving Open Source security with the new GitHub Secure Open Source Fund

Favorite The Open Source community underpins much of today’s software innovation, but with this power comes responsibility. Security vulnerabilities, unclear licensing, and a lack of transparency in software components pose significant risks to software supply chains. Recognizing this challenge, GitHub recently announced the GitHub Secure Open Source Fund—a transformative initiative

Read More
Shared by voicesofopensource December 3, 2024

Celebrating 5 years at the Open Source Initiative: a journey of growth, challenges, and community engagement

Favorite Reaching the five-year mark at the Open Source Initiative (OSI) has been a huge privilege. It’s been a whirlwind of progress, personal growth, and community engagement—filled with highs, great challenges, and plenty of Open Source celebrations. As I reflect on this milestone, it’s impossible not to feel both gratitude

Read More
Shared by voicesofopensource November 27, 2024

ClearlyDefined v2.0 adds support for LicenseRefs

Favorite One of the major focuses of the ClearlyDefined Technical Roadmap is the improvement in the quality of license data. As such, we are excited to announce the release of ClearlyDefined v2.0 which adds over 2,000 new well-known licenses it can identify. You can see the complete list of new non-SPDX licenses in ScanCode LicenseDB.

Read More
Shared by voicesofopensource November 12, 2024

ClearlyDefined at SOSS Fusion 2024: a collaborative solution to Open Source license compliance

Favorite This past month, the Open Source Security Foundation (OpenSSF) hosted SOSS Fusion in Atlanta, an event that brought together a diverse community of leaders and innovators from across the digital security spectrum. The conference, held on October 22-23, explored themes central to today’s technological landscape: AI security, diversity in

Read More
Shared by voicesofopensource November 6, 2024

ClearlyDefined’s Steering and Outreach Committees Defined

Favorite We are excited to announce the newly elected leaders for the ClearlyDefined Steering and Outreach Committees! What is ClearlyDefined? ClearlyDefined is an Open Source project dedicated to improving the clarity and transparency of Open Source licensing and security data. By harvesting, curating, and sharing essential metadata, ClearlyDefined helps developers

Read More
Shared by voicesofopensource October 16, 2024

GUAC adopts license metadata from ClearlyDefined

Favorite The software supply chain just gained some transparency thanks to an integration of the Open Source Initiative (OSI) project, ClearlyDefined, into GUAC (Graph for Understanding Artifact Composition), an OpenSSF project from the Linux Foundation. GUAC provides a comprehensive mapping of software packages, dependencies, vulnerabilities, attestations, and more, allowing organizations

Read More
Shared by voicesofopensource August 6, 2024

Better identifying conda packages with ClearlyDefined

Favorite ClearlyDefined, an Open Source project that helps organizations with supply chain compliance,  now provides a new harvester implementation for conda, a popular package manager with a large collection of pre-built packages for various domains, including data science, machine learning, scientific computing and more. Conda provides package, dependency and environment

Read More
Shared by voicesofopensource July 23, 2024