URL: https://www.revenera.com/blog/software-composition-analysis/the-evolving-role-of-software-security-and-license-compliance...
Software Composition Analysis


THE EVOLVING ROLE OF SOFTWARE SECURITY AND LICENSE COMPLIANCE

Kendra Morton
June 29, 2023

If the past few years in software security and license compliance have shown us
anything, it is that threat actors will keep finding a way in. The steady
discovery of new vulnerabilities and the exploits that follow them show that
security work never reaches a final state: new variants, additional patches, and
further protective strategies will keep materializing.

Yet while this space grows more complicated, the technology and guidance that
support software security and license compliance are narrowing the gap for
businesses. A good example is the recent release of the OpenChain Security
Assurance Specification, which gives businesses a new way to self-certify their
security compliance program.

How Should Security and License Compliance Guidance Evolve as Technology
Continues to Innovate?

Security practices are always changing as new attack vectors appear. Security
teams cannot predict what comes next, but they can build adaptable process
management so that they are able to evolve and counter future threat actors.

As compliance guidance has expanded, businesses can cover more bases with fewer
resources. Existing OpenChain guidance for license compliance, and now for
security compliance, gives companies a checklist they can complete
independently.

The availability of tools such as code scanning, SBOMs used as part of a
structured process, and open source software management makes security more
approachable than ever before. Even at the most basic level, the simplest
actions often have the greatest impact:

 * Train Your People – Committing to learning how compliance works and why it
   matters will help your team manage security better over time.

 * Raise Awareness – With available documentation and self-certification
   opportunities, you can increase the baseline awareness around security and
   license compliance.

 * Conduct Retrospectives – Continually assess your compliance and security
   practices, and invest the time and resources needed to mitigate risk.

As technology continues to innovate, there are more resources than ever before
for companies to turn to. Yet, the baseline practices of returning to your
product, rechecking it over time, and being aware of what components it uses are
still vital. As Shane Coughlan, OpenChain General Manager, states:

“Continually iterate, continually improve, continually evolve to make sure
you’re doing the appropriate thing for your market domain.” 

How Does the Security Addition to the OpenChain Guidance Integrate into the
Existing License Compliance Content?

Since its launch in 2016, OpenChain's open source program management standard
has become a widely used set of guidelines in markets across the globe. In 2020,
its open source license compliance specification was published as an
international standard, ISO/IEC 5230:2020. More recently, OpenChain released
its Security Assurance Specification.

OpenChain's License Compliance and its Security Compliance are not identical
notions, nor is one a subsection of the other. For companies that already use
the license compliance guidance, OpenChain has designed the two standards to
work in tandem, so moving from one to the other is straightforward.

The OpenChain Security Assurance Specification covers the fundamental processes
a program should have in place along with some specific security measures. Like
its predecessor, it is a light-touch standard that points companies in the
right direction, and it comes with a self-certification checklist and
questionnaire.

If You’re OpenChain Conformant with License Compliance, Do You Have to Recertify
in Security Compliance?

Because OpenChain's License Compliance and Security Compliance are two distinct
specifications, conformance with one does not carry over to the other: a company
must self-certify against the security specification separately. Both
specifications are written as a checklist of the key requirements of a quality
program, so businesses can identify where they fall short by working through
each point.

This creates a flexible starting point, letting businesses approach security at
their own pace and in line with the specific improvements they need to make. It
also sets the ball in motion toward building a stronger security baseline. For
example, if a company has not yet told its staff that it uses open source
software, a company-wide email could serve as the very first iteration of that
specification point.

With guidance like that provided by OpenChain, a range of useful tech solutions,
and platforms that facilitate the software security and license compliance
process, the software supply chain is evolving rapidly.

If you’d like to explore other trends and practices related to supply chain
maturity, tune into Revenera’s Open Source Exchange.

© 2024 Flexera Software. All Rights Reserved.

 * Privacy Policy
 * Terms and conditions
 * Contact Us

×

Get updates delivered to your inbox


Subscribe












This website uses cookies
This website uses cookies to improve user experience. By using our website you
consent to all cookies in accordance with our Cookie Policy. Read more

Strictly necessary

Performance

Targeting

Functionality
Save & Close
Accept all
Decline all