Contact Us
Contact Us

Guiding You to Open Source Compliance & Safety

long-logo-white

ISO/IEC 5230:2020

Trusted By

Eyecontrol logo 40 trans
moveo logo 2 40 trans
LiveU logo 40 trans
essence logo 40 trans
Force Majeure logo 40
IntSights Logo 2 40 trans
cyberteam360 logo 40 trans
smartap logo 40 trans
SunDaySky logo 40 trans
Atera_40_trance
cloudinary_40_trance
strauss_40_trance
TAU_60_trance
TechnionLogo_60_trance
phoenix_40_trance
Base-logo-Formarly_Formerly-Crowdvocate
Sapiens_40_trance
Liquidity_40_trance
Reichman_University_100_trance
Scribe-Security-Logo_60_trance
40px-Playtech_logo.svg
100px ICL_NEW_LOGO_TRANSPARENT
maccabi v2 50px
clal v2 50px

Benefits of Working With Us

  • An official OpenChain Partner
  • Extensive Intellectual Property, Open Source management and training experience
  • Proven experience with organizations of all sizes.
  • Focusing on dedicated solutions for your business needs
  • Service and advice from real people
  • Experts in a wide range of Software Composition Analysis tools
  • One-stop-shop for open source compliance and security
Contact Our Experts

Open source compliance and security isn’t just about providing legal advice or having a Software Composition Analysis tool. It’s about having the right processes, governance, training, and support, so continuous open source compliance and security become seamless, and you can focus on what you do best

Open source compliance and security isn’t just about providing legal advice or having a Software Composition Analysis tool. It’s about having the right processes, governance, training, and support, so continuous open source compliance and security become seamless, and you can focus on what you do best

Contact Our Experts

With you on your journey to Open Source Compliance & Safety

Consulting & Implementation

Open Source Management Assessment & Optimization

>

Open Source Security Optimization

>

Open Source Strategy

>

Open Source Program Implementation

>

Managed Services

Code Scanning, SBOM Creation & OSS remediation plan

>

OSPO as a Service

>

Open Source Processes, Secure Reuse & Compliance Training

>

Contractor/Supplier OSS Compliance Audits

>

Audit

Open Source Program Assessment (+ ISO/IEC 5230:2020 Readiness)

>

M&A Open Source Due Diligence

>

Insights

philipp-katzenberger-iIJrUoeRoCQ-unsplash (2)
צביקה רונן

The connection between Open Source and cyber threats

Open Source Software is a fundamental building block in any modern technology. It has been adopted and is widely used in all fields of modern technology. Open Source Software can be found in cars, cell phones, medical devices, smart TVs, and practically any commercial software written in the past decade.
But, who is responsible for the Open Source security in your product?

Read More
container - Copy
צביקה רונן

ב2021 אפל ומיקרוסופט נפרצו עקב חולשות הקשורות בקוד פתוח, מה צריך לעשות כדי שזה לא יקרה לך?

בתחילת 2021 האקר לבן בשם אלכס בירסן קיבל פרסי באג-באונטי בשווי 130 אלף דולר לאחר שהצליח לעקוף את כל מעגלי האבטחה של חברות, מהמובילות בתעשיית התוכנה בעולם, חברות כמו אפל, מייקרוסופט, פייפאל ועוד כמה גדולות ומפורסמות. הכל התחיל מקובץ חבילת התקנה (package manager) של פייפאל שהתגלגל לידיו.
מה צריך לעשות כדי שזה לא יקרה לך?

Read More
April 21, 2021
תוכנה-חופשית-או-1
יניב אוזרזון

“תוכנה חופשית” או “קוד פתוח”, אל תעשה שימוש לפני שהבנת את ההבדל!

היום כל תוכנה מסחרית מורכבת ברובה מרכיבי קוד פתוח ותוכנות חופשיות. עולם התוכנה אימץ את התוכנות החופשיות והקוד הפתוח באופן שלא ניתן לערעור. האימוץ הנרחב מחייב הבנה של המושגים וניהול רכיבי הקוד הפתוח והתוכנה החופשית על מנת להימנע משילוב רישיונות סותרים העלולים לסכן את הקניין הרוחני של החברה או שימוש ברכיבים בעלי חולשות אבטחה ידועות

Read More
April 4, 2021

FOSSAware is a leader in open source strategy, management, and services, helping clients navigate a dynamic open source risk environment.

Share This Page

© 2022 FOSSAware | All Rights Reserved | Terms of Use | Privacy Policy

Share This Page

Open Source Management Assessment & Optimization

Some open source management programs experience overwhelming amounts of compliance and security issues which may lead to a backlog of activities and eventually costly remediation, caused by inefficient processes and workflows. FOSSAware consults you on your existing open source management program regarding the optimization of processes and workflows and risk-based approvals methodology Aligned with your commercial vision and risk appetite.

  • Assessment of your open source management program maturity and its alignment with your common use cases, commercial vision, and risk appetite.
  • Introducing risk-based approval methodology according to your use case and risk appetite to free up unnecessary resources.
  • Re-allocation of resources to maximize the program effectivity.
  • Selection of Software Composition Analysis (SCA) tooling for OSS compliance and security scanning.
  • Configuration of Software Composition Analysis (SCA) tooling according to your product architecture and open source policy.
  • Creation of clear guidelines to reduce friction between R&D and the legal department.

Open Source Security Optimization

The Open Source software you use, and how you get it, can significantly impact the security of the result. Much like any other software Open Source Software may have design and coding flaws that lead to software vulnerabilities. Nonetheless, managing Open Source Software requires dedicated tools and methodologies to reduce security risks and ensure business continuity.

  • Assessment of your Open Source Security program and relevant methodologies.
  • Design and implementation of instructions, policies, methodologies, and processes for your Open Source Security Management program.
  • Optimization of your Software Composition Analysis (SCA) tooling and configuration to suit your development technologies, development life cycle, and open source security policy.

Open Source Strategy

Open Source Software has become an essential part of modern software development and its main building block. Under managing, open source software reduces its potential benefits and imposes unnecessary risks. FOSSAware provides you with the necessary help and advice for developing a clear and solid open source organizational strategy and Policy to mitigate these risks.

  • Identification and analysis of company-specific open source opportunities, usage and challenges.
  • Identification of the resulting application-specific open source risks.
  • Identification of company risk appetite.
  • Definition of open source focus areas (e.g. specific business areas, application scenarios, etc.).
  • Drafting a clear and solid open source organizational strategy and Policy.

Open Source Program Implementation

Having an Open Source Strategy and Policy does not unfold its maximum potential if it is poorly implemented. FOSSAware helps you successfully implement the Open Source Management Program starting from the pilot stage to a fully functional management program.

  • Definition of all necessary policy aspects (e.g. roles, responsibilities, open source consumption, compliance, security, etc.).
  • Establishment of all necessary Open Source Processes (e.g. secure reuse of open source software, contribution to existing OSS projects, development and release of company OSS projects).
  • Phased implementation one department at a time including selection of candidates / business units for pilot introduction.
  • Allocation of responsibilities to your personnel according to their competencies for a sustainable management program.

Code Scanning, SBOM Creation & OSS remediation plan

Reduce the need for internal resources. FOSSAware can provide you with code scanning, SBOM creation, and an open source software remediation plan as a service for your products and solutions.

  • Usage of FOSSAware compliance tooling (or operation of your SCA tools) to scan your source code regarding open source compliance and security aspects.
  • Clean-up and curation of identified components.
  • Clarification and remediation of identified issues.
  • Provision of complete Software Bill of Materials (SBOM) for your software.

OSPO as a Service

Access to cutting-edge OSS industry knowledge on Open Source programs can be your answer to the war of talent and the lack of in-house expertise and capacity.

  • First point of contact for all questions regarding OSS compliance management.
  • End-to-end support and services in the product lifecycle for continuous compliance.
  • Ad-hoc support for OSS tooling, OSS component, OSS license, OSS integration questions, OSS security.
  • Check of use case, risk triggers as per use case, and according to license compliance considerations and company policy.

Open Source Processes, Secure Reuse & Compliance Training

Benefit from first-hand experience of industry experts through open source process, secure reuse and compliance training tailored to your employees’ specific needs.

  • Design and align training program.
  • Perform target group-specific training from new hire up to senior staff per virtual sessions, web-based training, and on-site where possible.
  • Integration in annual compliance assessments including learning success control.

Contractor/Supplier OSS Compliance Audits

Knowing your contractor’s / supplier’s OSS Compliance Management maturity is key to reducing internal efforts and avoiding double checking external code and compliance artifacts.

  • Assessment of your contractor’s / supplier’s OSS Compliance Management practices.
  • Product-specific SBOM and OSS compliance artifacts review and verification.

Open Source Program Assessment (+ ISO/IEC 5230:2020 Readiness)

ISO/IEC 5230:2020 (OpenChain 2.1) defines the key requirements of a quality open source license compliance program, and the OpenChain Security Assurance Reference Guide identifies the minimum core set of requirements every Security Assurance program should satisfy.

To be confident in your open source compliance and security posture, FOSSAware offers support and assessment of your open source management program, according to ISO5230 and the OpenChain Security Assurance Guide key requirements.

  • Validation of the existence of all necessary processes and documents.
  • Verification that relevant processes and procedures are being properly executed.
  • Report on the completeness of your Open Source Program, implementation issues, and possible optimizations.

M&A Open Source Due Diligence

Encompassing over two-thirds of the average modern software, open source has become an essential part of software development. Companies involved with technology M&A understand the importance and risks open source software poses to the deal’s value, whether the key asset is a device, software, or service. FOSSAware audits and analyses the key assets to identify and report open source actual and potential risks.

  • OSS risk identification and scoping of assessment based on deal structure, and involved assets.
  • Tool-based code scanning, dependency resolution, and license and security evaluation of OSS components.
  • Creation of complete Software Bill of Materials (SBOM) for in-depth evaluations.
  • Report and recommendation on aspects regarding Open Source compliance and security.
  • Assessing the maturity level of the applied Open Source Software Management program.
Menu

ABOUT

SERVICES

Consulting & Implementation

Managed Services

Audit

INSIGHTS

Contact Us

SHARE THIS PAGE

Skip to content