ClearlyDefined at SOSS Fusion 2024: a collaborative solution to Open Source license compliance

This past month, the Open Source Security Foundation (OpenSSF) hosted SOSS Fusion in Atlanta, an event that brought together a diverse community of leaders and innovators from across the digital security spectrum. The conference, held on October 22-23, explored themes central to today’s technological landscape: AI security, diversity in

Shared by voicesofopensource November 6, 2024

GUAC adopts license metadata from ClearlyDefined

The software supply chain just gained some transparency thanks to an integration of the Open Source Initiative (OSI) project, ClearlyDefined, into GUAC (Graph for Understanding Artifact Composition), an OpenSSF project from the Linux Foundation. GUAC provides a comprehensive mapping of software packages, dependencies, vulnerabilities, attestations, and more, allowing organizations

Shared by voicesofopensource August 6, 2024

Better identifying conda packages with ClearlyDefined

ClearlyDefined, an Open Source project that helps organizations with supply chain compliance, now provides a new harvester implementation for conda, a popular package manager with a large collection of pre-built packages for various domains, including data science, machine learning, scientific computing and more. Conda provides package, dependency and environment

Shared by voicesofopensource July 23, 2024

Beyond SPDX: expanding licenses identified by ClearlyDefined

ClearlyDefined is an Open Source project that helps organizations with supply chain compliance. Until recently, ClearlyDefined’s tooling only supported licenses that were part of the standardized SPDX license list. Any component identified by a license that was not part of this list resulted in NOASSERTION, which introduced uncertainty about

Shared by voicesofopensource July 9, 2024

The most popular licenses for each language in 2023

The 2023 report of the licenses in use by the biggest package managers highlights the need to educate developers on the importance of licensing information. While many developers know that Open Source software forms the backbone of modern development, the data shows that much of their software is shared

Shared by voicesofopensource December 7, 2023

The Approved Open Source Licenses never looked better

A license-review project has been underway with the goal of creating a systematic and well-ordered database of all the licenses that have been submitted to OSI for approval since the time of the organization’s founding. Giulia Dellanoce was brought on as an intern to complete this Approval Registry project,

Shared by voicesofopensource September 7, 2023