Blog

Four Reasons Why SCA Isn’t Solving Your Supply Chain Security Issues
Privacy & Security

Both types of SCA – [software composition analysis](/blog/software-composition-analysis-limitations/) and static code analysis – can play a crucial role in identifying and remed.

What is Software Composition Analysis and What Are the Limitations?
Privacy & Security

Software Composition Analysis (SCA – yes…*another* SCA) is a type of analysis designed to identify and document software components.

Licens.io CEO Among First Global Independent AI Auditors
AI Governance

**MICHIGAN, APRIL 1, 2021** – At Licens.io, interdisciplinary experience and cross-disciplinary collaboration are fundamental values.

SBOMs: the Premise, the Promise, the Peril
Privacy & Security

Are software bills of material (SBOM) the solution to your software woes? While there are opinions on both sides, the White House has begun to promote their use.

How Data Provenance Drives Machine Learning Risk + Value
AI Governance

For many, provenance is a foreign term, frequently (and ironically) confused with the Provence region of France.

AI without Compliance: A Cautionary Tale of FTC Enforcement
AI Governance

First, software was eating the world; now, it’s supposedly AI – or the data used to create that AI – that’s eating the world.

The Exponentially Zero Valuation of IPython — or, Why Valuing Software is so Hard.
Due Diligence & Valuation

A [CPA and recovering financial engineer](/about/team/) sit down at a bar.

Snake JARs, Part III: Data Science Sssssss-security
Privacy & Security

In this series, we’ve been talking about cross-language dependencies — in particular, Python packages vendoring Java JARs.

Releasing our Responsible Data Science Policy Framework
AI Governance

[**FICO recently surveyed over 100 of the world’s largest, most sophisticated organizations**](https://www.fico.com/en/latest-thinking/analystpartner-collateral/building-ai-driven-enterprises-disrupte.

ESG: G is for Governance
AI Governance

You may have noticed that regulations and standards have played a frequent role in our discussions of “E is for Environment” and “[S is for Social](htt.

What is Static Code Analysis?
Engineering

Static code analysis (not to be confused with [software composition analysis](/blog/software-composition-analysis-limitations/), which is also abbreviated as SCA) is a critical .

AI & Data

The Linux Foundation's Community Data License Agreement

The Linux Foundation's CDLA-Permissive-2.0 removes the attribution requirement that made the original version impractical for combined datasets, creating a straightforward permissive license for sharing data in AI and ML projects.
