Wow, v1.6 comes with a new vulnerability alert that will also ping you, if older versions are affected by a newly announce vulnerability. This will bring your customer support to new levels In addition your compliance managers will spread happiness because the new inbox provides great support on approval requests...

Since the Equifax event, the management of known vulnerabilities gain more and more attention. Despite this new interest, the topic already is older. A lot of work has been invested in structuring the effort. This article summarizes the most relevant abbreviations and concepts and directs towards further reading.

EACG - the mother company of TrustSource - agrees with the Linux Foundation on partnership concerning the OpenChain project. OpenChain is creating a specification that gives companies orientation on how to apply open source sustainably and compliant. This strengthens EACGs efforts to support and grow the acceptance of open source as a reliable foundation for growth and innovation even to smaller businesses. The specification supplements the technical solution TrustSource in an optimal way.

Version v1.5 has been released! The new version comes with powerful new features such as a CVE impact analysis, showing you on one click the impact a particular CVE has on your complete project portfolio (if managed via TrustSource). Reporting has been even further improved with a new and improved bill of materials as well as PDF-capabilities. Read on...

The assumption that a published source code on github or sourceforge automatically is a free and open to use source is wrong. This article explains the background and shows how to cope with the challenges resulting from the legal situation.

the new release (v1.4) of TrustSource is there! Besides some improvements and fixes, especially in the vulnerability matching, we have added many new features improving work efficiency. An inbox has been added as well as CVSS scores, attack vector information and a new vulnerability feed...

At this event two open source professionals will share their experience in introducing open source governance. Besides the current legal situation some lessons learned form the introduction of open source governance will be presented.