Guiding You to Open Source Compliance & Safety


ISO/IEC 5230:2020


Benefits of Working With Us

Open source compliance and security isn’t just about providing legal advice or having a Software Composition Analysis tool. It’s about having the right processes, governance, training, and support, so that continuous open source compliance and security become seamless and you can focus on what you do best.

With you on your journey to Open Source Compliance & Safety

Consulting & Implementation

Open Source Management Assessment & Optimization


Open Source Security Optimization


Open Source Strategy


Open Source Program Implementation


Managed Services

Code Scanning, SBOM Creation & OSS remediation plan


OSPO as a Service


Open Source Processes, Secure Reuse & Compliance Training


Contractor/Supplier OSS Compliance Audits


Audit

Open Source Program Assessment (+ ISO/IEC 5230:2020 Readiness)


M&A Open Source Due Diligence


Insights

צביקה רונן

The connection between Open Source and cyber threats

Open Source Software is a fundamental building block in any modern technology. It has been adopted and is widely used in all fields of modern technology. Open Source Software can be found in cars, cell phones, medical devices, smart TVs, and practically any commercial software written in the past decade.
But who is responsible for the Open Source security in your product?

צביקה רונן

In 2021 Apple and Microsoft were breached through open-source-related weaknesses. What should you do so it doesn’t happen to you?

In early 2021 a white-hat hacker named Alex Birsan received bug bounty awards worth 130 thousand dollars after he managed to bypass all the security perimeters of companies that are among the leaders of the world’s software industry, companies such as Apple, Microsoft, PayPal and several other large and well-known names. It all started with a PayPal installation package file (package manager) that found its way into his hands.
What should you do so it doesn’t happen to you?

יניב אוזרזון

“Free software” or “open source”: don’t use either before you understand the difference!

Today every commercial software product is composed mostly of open source components and free software. The software world has adopted free software and open source in a way that cannot be disputed. This widespread adoption requires understanding the concepts and managing the open source and free software components, in order to avoid combining conflicting licenses that may endanger the company’s intellectual property, or using components with known security vulnerabilities.


Open Source Management Assessment & Optimization

Some open source management programs experience overwhelming amounts of compliance and security issues, caused by inefficient processes and workflows, which may lead to a backlog of activities and eventually costly remediation. FOSSAware consults you on your existing open source management program regarding the optimization of processes and workflows and a risk-based approval methodology, aligned with your commercial vision and risk appetite.

Open Source Security Optimization

The Open Source software you use, and how you get it, can significantly impact the security of the result. Much like any other software, Open Source Software may have design and coding flaws that lead to software vulnerabilities. Nonetheless, managing Open Source Software requires dedicated tools and methodologies to reduce security risks and ensure business continuity.

Open Source Strategy

Open Source Software has become an essential part of modern software development and its main building block. Under-managing open source software reduces its potential benefits and imposes unnecessary risks. FOSSAware provides you with the necessary help and advice for developing a clear and solid open source organizational strategy and policy to mitigate these risks.

Open Source Program Implementation

Having an Open Source Strategy and Policy does not unfold its maximum potential if it is poorly implemented. FOSSAware helps you successfully implement the Open Source Management Program, from the pilot stage to a fully functional management program.

Code Scanning, SBOM Creation & OSS remediation plan

Reduce the need for internal resources. FOSSAware can provide you with code scanning, SBOM creation, and an open source software remediation plan as a service for your products and solutions.

OSPO as a Service

Access to cutting-edge OSS industry knowledge on Open Source programs can be your answer to the war for talent and the lack of in-house expertise and capacity.

Open Source Processes, Secure Reuse & Compliance Training

Benefit from the first-hand experience of industry experts through open source process, secure reuse and compliance training tailored to your employees’ specific needs.

Contractor/Supplier OSS Compliance Audits

Knowing your contractors’ and suppliers’ OSS Compliance Management maturity is key to reducing internal efforts and avoiding double-checking of external code and compliance artifacts.

Open Source Program Assessment (+ ISO/IEC 5230:2020 Readiness)

ISO/IEC 5230:2020 (OpenChain 2.1) defines the key requirements of a quality open source license compliance program, and the OpenChain Security Assurance Reference Guide identifies the minimum core set of requirements every Security Assurance program should satisfy.

To be confident in your open source compliance and security posture, FOSSAware offers support and assessment of your open source management program according to the key requirements of ISO/IEC 5230 and the OpenChain Security Assurance Guide.

M&A Open Source Due Diligence

Making up over two-thirds of the average modern software product, open source has become an essential part of software development. Companies involved in technology M&A understand the importance of open source software and the risks it poses to the deal’s value, whether the key asset is a device, software, or a service. FOSSAware audits and analyses the key assets to identify and report actual and potential open source risks.