User Activity
About 1 year ago
Answered a question: What is the best way to track open-source license compatibility?
Open Source licenses require management and not just tracking.
The xGPL license is the 3rd most popular license in use. Alerting on or blocking all xGPL licenses will be hard to manage and very costly to avoid/replace.
The best way is to implement an Open Source management…
Almost 2 years ago
Contributed a review of Snyk: Useful software composition analysis, highly scalable, and good support
Almost 2 years ago
Contributed a review of Mend.io: It has a good dashboard and management views, and it is helpful for early fixing and post-production management
About 2 years ago
Answered a question: What is an Application Security Posture Management (ASPM)?
I'd like to add to the previous comment the SCA (software composition analysis) perspective.
Today each organization uses open source components in multiple ways (in its infrastructure, in 3rd party tools, as building blocks in its software development); there is no "Open Source…
About 2 years ago
Asked a question: Developer sabotaged his own popular open-source libraries - WDYT?
About 2 years ago
Answered a question: How to use Software Bill Of Materials (SBOM) to protect the supply chain from cyberattacks?
It depends. If the organization creates its software, then the SBOM should be used to monitor new vulnerabilities in order to fix them on time and alert the customers.
If the organization is only using the software (supply chain) they should ask, for their critical software, the…
About 2 years ago
Answered a question: What are your top DevOps and DevSecOps predictions for 2022?
My prediction is that companies will adopt SCA tools into their CI/CD to manage open-source related risks.
The log4j vulnerability pulled the open-source vulnerability awareness trigger for software consumers and the lack of management by the software creators. All software…
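The three answers above (managing xGPL licenses rather than blocking them, using the SBOM to watch for new vulnerabilities, and running SCA inside CI/CD) describe one gate. The following is an added example of such a gate, written for this page; it is not the answerer's code and not any vendor's implementation. It reads a constructed CycloneDX-shaped SBOM, applies a hypothetical license policy that marks GPL-family licenses for review instead of blocking them, and matches components against a constructed advisory list (the log4j-core entry follows the public fix version for CVE-2021-44228; the other advisory ID is invented). All names, data and the policy are assumptions.

```python
"""Minimal SCA-style CI gate over an SBOM (added example, constructed data)."""
import json
from dataclasses import dataclass
from typing import Optional

# Constructed CycloneDX-style SBOM; a real one comes from the build tool or an SCA scanner.
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"name": "log4j-core", "version": "2.14.1",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"name": "readline", "version": "8.1",
         "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
        {"name": "requests", "version": "2.31.0",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"name": "leftpad", "version": "1.0.0"},   # no license declared at all
    ],
})

# Constructed advisory feed: package, first affected version, first fixed version.
# The log4j-core range mirrors the public CVE-2021-44228 fix (2.15.0); ADV-0001 is invented.
ADVISORIES = [
    {"id": "CVE-2021-44228", "package": "log4j-core", "introduced": "2.0", "fixed": "2.15.0"},
    {"id": "ADV-0001", "package": "requests", "introduced": "2.0.0", "fixed": "2.20.0"},
]

# Hypothetical license policy. GPL-family licenses are the third most common, so the
# default action here is "review" (a human/legal decision), not "block".
LICENSE_POLICY = {
    "GPL-2.0-only": "review", "GPL-2.0-or-later": "review",
    "GPL-3.0-only": "review", "GPL-3.0-or-later": "review",
    "LGPL-2.1-only": "review", "LGPL-3.0-only": "review",
    "AGPL-3.0-only": "block",   # network copyleft: blocked in this example policy
}


@dataclass
class Component:
    name: str
    version: str
    license_id: Optional[str]


def parse_version(v: str) -> tuple:
    """Turn '2.14.1' into (2, 14, 1); non-numeric suffixes are ignored, short versions padded."""
    parts = []
    for piece in v.split(".")[:3]:
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def parse_sbom(sbom_json: str) -> list:
    """Extract name, version and declared SPDX license id from CycloneDX JSON components."""
    bom = json.loads(sbom_json)
    comps = []
    for c in bom.get("components", []):
        lic = None
        for entry in c.get("licenses", []):
            lic = entry.get("license", {}).get("id") or entry.get("expression")
            if lic:
                break
        comps.append(Component(c["name"], c["version"], lic))
    return comps


def check_licenses(components: list, policy=LICENSE_POLICY) -> list:
    """Return (name, license, action) for components needing review or blocking.
    Undeclared licenses are treated as unknown and sent to review."""
    findings = []
    for comp in components:
        if comp.license_id is None:
            findings.append((comp.name, "undeclared", "review"))
            continue
        action = policy.get(comp.license_id, "allow")
        if action != "allow":
            findings.append((comp.name, comp.license_id, action))
    return findings


def match_vulnerabilities(components: list, advisories=ADVISORIES) -> list:
    """Return (name, version, advisory id, fixed version) for components in an affected range."""
    hits = []
    for comp in components:
        v = parse_version(comp.version)
        for adv in advisories:
            if adv["package"] != comp.name:
                continue
            if parse_version(adv["introduced"]) <= v < parse_version(adv["fixed"]):
                hits.append((comp.name, comp.version, adv["id"], adv["fixed"]))
    return hits


def ci_gate(sbom_json: str, advisories=ADVISORIES, policy=LICENSE_POLICY) -> dict:
    """Fail the build on a known vulnerable component or a blocked license; review items only warn."""
    comps = parse_sbom(sbom_json)
    lic = check_licenses(comps, policy)
    vulns = match_vulnerabilities(comps, advisories)
    blocked = bool(vulns) or any(action == "block" for _, _, action in lic)
    return {"license_findings": lic, "vulnerabilities": vulns, "pass": not blocked}


if __name__ == "__main__":
    print(json.dumps(ci_gate(SBOM_JSON), indent=2))
```

Re-running `match_vulnerabilities` against a refreshed advisory list on the stored SBOM, without rebuilding, is the "monitor new vulnerabilities" part of the SBOM answer; the license check is the "manage, not just track" part.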
About me
Co - Founder | Open Source Risk Management | Open Source Licensing | Open Source Due Diligence | OpenChain partner | ISO5230