licens.io Blog

licens.io BlogAI governance, technology due diligence, compliance, and data strategy insights.https://licens.io/Delve and the 494 Fake SOC 2 Reports: What the Compliance Industry Should Learnhttps://licens.io/blog/delve-fake-compliance-soc2-fraud/https://licens.io/blog/delve-fake-compliance-soc2-fraud/A Y Combinator-backed compliance startup allegedly fabricated 494 SOC 2 reports with auditor conclusions pre-written before clients submitted any evidence.Fri, 03 Apr 2026 00:00:00 GMTPrivacy & SecurityJillian BommaritoFive Supply Chain Attacks in Twelve Days: March 2026 Broke Open Source Trusthttps://licens.io/blog/march-2026-supply-chain-attacks/https://licens.io/blog/march-2026-supply-chain-attacks/In twelve days, attackers compromised Trivy, Checkmarx, LiteLLM, Telnyx, and Axios — and the supply chain security model most organizations rely on did not survive.Fri, 03 Apr 2026 00:00:00 GMTPrivacy & SecurityMichael BommaritoSCOTUS Settles It: No Copyright Without a Human Authorhttps://licens.io/blog/scotus-no-copyright-without-human-author/https://licens.io/blog/scotus-no-copyright-without-human-author/The Supreme Court’s denial in Thaler v. Perlmutter leaves one rule standing: if no human authorship exists, there is no copyright.Wed, 04 Mar 2026 00:00:00 GMTData StrategyJillian BommaritoAnthropic at $380B: What a 6x Valuation Jump in 12 Months Tells Us About AI Marketshttps://licens.io/blog/anthropic-380b-valuation-6x-in-12-months/https://licens.io/blog/anthropic-380b-valuation-6x-in-12-months/Anthropic’s move to a $380 billion valuation is more than a headline-grabbing fundraise; it is a useful stress test for how AI markets are pricing growth, scarcity, and risk.Sat, 14 Feb 2026 00:00:00 GMTDue Diligence & ValuationMichael BommaritoMusic Industry Sues Anthropic for $3.1B: AI Training Liability Keeps Growinghttps://licens.io/blog/music-industry-sues-anthropic-3-1-billion/https://licens.io/blog/music-industry-sues-anthropic-3-1-billion/Universal Music, Concord, and ABKCO just turned Anthropic’s training-data problem into a $3.1 billion copyright fight.Fri, 30 Jan 2026 00:00:00 GMTData StrategyJillian BommaritoThree More States, Three More Privacy Laws: 2026 Compliance Starts Nowhttps://licens.io/blog/three-more-state-privacy-laws-2026/https://licens.io/blog/three-more-state-privacy-laws-2026/Indiana, Kentucky, and Rhode Island all went live on January 1, 2026, which means privacy compliance just got a little less optional.Sat, 03 Jan 2026 00:00:00 GMTPrivacy & SecurityJillian BommaritoFederal Preemption of State AI Laws: Trump's December EO and Its Legal Limitshttps://licens.io/blog/trump-ai-eo-preempt-state-laws/https://licens.io/blog/trump-ai-eo-preempt-state-laws/Trump’s December 11 AI order launches a federal challenge to state AI laws, but its legal reach is narrower than the rhetoric suggests.Sat, 13 Dec 2025 00:00:00 GMTAI GovernanceJillian BommaritoSFC v. Vizio: A Court Says GPL Compliance Is a Contractual Dutyhttps://licens.io/blog/sfc-v-vizio-gpl-contractual-duty/https://licens.io/blog/sfc-v-vizio-gpl-contractual-duty/A December 4, 2025 tentative ruling in SFC v. Vizio suggests GPL compliance can sound in contract, not just copyright, with real consequences for end users.Sat, 06 Dec 2025 00:00:00 GMTEngineeringMichael BommaritoCycloneDX 1.7: Patents, Provenance, and the Next Generation of SBOMshttps://licens.io/blog/cyclonedx-1-7-patents-provenance-sboms/https://licens.io/blog/cyclonedx-1-7-patents-provenance-sboms/CycloneDX 1.7 turns SBOMs from static inventories into richer evidence packs with patent metadata, citations, and better cryptographic transparency.Thu, 23 Oct 2025 00:00:00 GMTPrivacy & SecurityMichael BommaritoFASB Rewrites Software Cost Accounting: ASU 2025-06 and What CFOs Need to Knowhttps://licens.io/blog/fasb-asu-2025-06-software-cost-accounting/https://licens.io/blog/fasb-asu-2025-06-software-cost-accounting/FASB’s ASU 2025-06 replaces the old stage-based software capitalization playbook with a single recognition test, forcing CFOs to rethink policy, controls, and valuation.Sat, 20 Sep 2025 00:00:00 GMTDue Diligence & ValuationJillian BommaritoAnthropic's $1.5B Copyright Settlement: What It Means for AI Training Economicshttps://licens.io/blog/anthropic-1-5-billion-copyright-settlement/https://licens.io/blog/anthropic-1-5-billion-copyright-settlement/Anthropic's $1.5 billion settlement shows that copyright risk in AI training data is no longer theoretical; it is a balance-sheet item.Wed, 27 Aug 2025 00:00:00 GMTData StrategyJillian BommaritoEU AI Act Phase 2: GPAI Provider Obligations Are Now Enforceablehttps://licens.io/blog/eu-ai-act-gpai-obligations-enforceable/https://licens.io/blog/eu-ai-act-gpai-obligations-enforceable/As of August 2, 2025, general-purpose AI model providers are no longer waiting on guidance: the EU AI Act’s GPAI obligations are live.Mon, 04 Aug 2025 00:00:00 GMTAI GovernanceJillian BommaritoMeta's $14B Scale AI Deal: The Biggest AI Acqui-Hire in Historyhttps://licens.io/blog/meta-14b-scale-ai-biggest-acqui-hire/https://licens.io/blog/meta-14b-scale-ai-biggest-acqui-hire/Meta’s $14.3 billion Scale AI transaction is a minority-stake deal that looks a lot like an acqui-hire, with major implications for AI valuation and control.Thu, 12 Jun 2025 00:00:00 GMTDue Diligence & ValuationMichael BommaritoCopyright Office Part 3: AI Training on Copyrighted Works Is Not Clearly Fair Usehttps://licens.io/blog/copyright-office-ai-training-not-fair-use/https://licens.io/blog/copyright-office-ai-training-not-fair-use/The Copyright Office’s Part 3 AI report makes one thing plain: training on copyrighted works is not automatically fair use, so provenance and licensing matter now.Sun, 11 May 2025 00:00:00 GMTData StrategyJillian BommaritoNYT v. OpenAI Survives Dismissal: The Copyright Case Moves Forwardhttps://licens.io/blog/nyt-v-openai-survives-dismissal/https://licens.io/blog/nyt-v-openai-survives-dismissal/A federal judge lets the core NYT copyright claims against OpenAI proceed, reinforcing why every AI company needs a real training data provenance strategy.Sun, 06 Apr 2025 00:00:00 GMTData StrategyJillian BommaritoGoogle Buys Wiz for $32B: The Largest Cybersecurity Acquisition in Historyhttps://licens.io/blog/google-buys-wiz-32-billion/https://licens.io/blog/google-buys-wiz-32-billion/Google’s $32 billion agreement to acquire Wiz is a landmark cybersecurity deal, and it says plenty about cloud security, antitrust risk, and valuation discipline.Thu, 20 Mar 2025 00:00:00 GMTDue Diligence & ValuationMichael BommaritoGitHub Actions Compromised: The tj-actions Supply Chain Attackhttps://licens.io/blog/github-actions-tj-actions-supply-chain/https://licens.io/blog/github-actions-tj-actions-supply-chain/A compromised GitHub Action turned a routine changed-files step into a supply chain wake-up call for every CI/CD pipeline.Mon, 17 Mar 2025 00:00:00 GMTPrivacy & SecurityMichael BommaritoFirst Court Rejects AI Fair Use: What Thomson Reuters v. ROSS Means for AI Companieshttps://licens.io/blog/thomson-reuters-v-ross-ai-fair-use/https://licens.io/blog/thomson-reuters-v-ross-ai-fair-use/On February 11, 2025, Judge Bibas rules that using Westlaw headnotes to train a competing legal AI tool is not fair use.Thu, 13 Feb 2025 00:00:00 GMTData StrategyJillian BommaritoEU AI Act Phase 1 Is Live: Prohibited AI Practices You Need to Stop Todayhttps://licens.io/blog/eu-ai-act-prohibited-practices-live/https://licens.io/blog/eu-ai-act-prohibited-practices-live/The EU AI Act’s Article 5 bans are now live, and teams need to stop any prohibited AI practice before regulators do.Tue, 04 Feb 2025 00:00:00 GMTAI GovernanceJillian BommaritoTrump Rescinds the Biden AI Executive Order: What It Means for Your Compliance Programhttps://licens.io/blog/trump-rescinds-biden-ai-executive-order/https://licens.io/blog/trump-rescinds-biden-ai-executive-order/President Trump’s rescission of Executive Order 14110 changes the federal AI posture, but it does not change your underlying compliance obligations.Wed, 22 Jan 2025 00:00:00 GMTAI GovernanceJillian BommaritoFive New State Privacy Laws Take Effect Today: Your 2025 Compliance Checklisthttps://licens.io/blog/five-state-privacy-laws-2025-compliance/https://licens.io/blog/five-state-privacy-laws-2025-compliance/Delaware, Iowa, Nebraska, New Hampshire, and New Jersey are forcing privacy programs to grow up fast, and the safest response is a clean, repeatable checklist.Thu, 02 Jan 2025 00:00:00 GMTPrivacy & SecurityJillian BommaritoThe EU Cyber Resilience Act Enters Into Force: SBOM Mandates for All Digital Productshttps://licens.io/blog/eu-cyber-resilience-act-enters-force/https://licens.io/blog/eu-cyber-resilience-act-enters-force/The EU Cyber Resilience Act is now in force, turning SBOMs, vulnerability reporting, and support-period planning into baseline product discipline.Thu, 12 Dec 2024 00:00:00 GMTPrivacy & SecurityJillian BommaritoOSI Releases the Open Source AI Definition: Most 'Open' AI Models Don't Qualifyhttps://licens.io/blog/osi-open-source-ai-definition/https://licens.io/blog/osi-open-source-ai-definition/OSI's Open Source AI Definition makes clear that most 'open' AI models are really open weights, not open source.Wed, 30 Oct 2024 00:00:00 GMTData StrategyMichael BommaritoFTC Launches Operation AI Comply: Five Companies Charged with AI Washinghttps://licens.io/blog/ftc-operation-ai-comply-ai-washing/https://licens.io/blog/ftc-operation-ai-comply-ai-washing/The FTC's Operation AI Comply shows that AI hype without evidence is now an enforcement problem, not a marketing strategy.Thu, 26 Sep 2024 00:00:00 GMTAI GovernanceJillian BommaritoThe Fed Cuts 50 Basis Points: What It Means for Tech Valuations and M&Ahttps://licens.io/blog/fed-cuts-50-bps-tech-valuations/https://licens.io/blog/fed-cuts-50-bps-tech-valuations/The Fed's first rate cut since 2020 changes the math for tech valuations, 409As, and M&A, but not always in the way founders expect.Thu, 19 Sep 2024 00:00:00 GMTDue Diligence & ValuationMichael BommaritoThe EU AI Act Is Now in Force: Your Timeline Starts Todayhttps://licens.io/blog/eu-ai-act-enters-into-force/https://licens.io/blog/eu-ai-act-enters-into-force/The EU AI Act is now in force, and the first real deadlines - especially the six-month ban on prohibited practices - are already ticking.Fri, 02 Aug 2024 00:00:00 GMTAI GovernanceJillian BommaritoThe CrowdStrike Outage: When Your Security Tool Becomes the Incidenthttps://licens.io/blog/crowdstrike-outage-security-tool-incident/https://licens.io/blog/crowdstrike-outage-security-tool-incident/A faulty CrowdStrike update is a reminder that vendor risk is not a footnote; it can become your outage, your grounding order, and your recovery plan.Sun, 21 Jul 2024 00:00:00 GMTPrivacy & SecurityMichael BommaritoThe Polyfill.io Attack: When Your CDN Turns Against Youhttps://licens.io/blog/polyfill-io-supply-chain-attack/https://licens.io/blog/polyfill-io-supply-chain-attack/The Polyfill.io incident is a reminder that one trusted script tag can become a supply chain liability overnight.Thu, 27 Jun 2024 00:00:00 GMTPrivacy & SecurityMichael BommaritoColorado SB 205: The First US State Law Targeting AI Discriminationhttps://licens.io/blog/colorado-sb-205-ai-discrimination-law/https://licens.io/blog/colorado-sb-205-ai-discrimination-law/Colorado SB 205 is the first state law squarely targeting AI discrimination in consequential decisions, and it rewrites the compliance playbook for people-facing AI.Mon, 20 May 2024 00:00:00 GMTAI GovernanceJillian BommaritoRedis Goes Source-Available: Valkey Fork Launches Within 30 Dayshttps://licens.io/blog/redis-source-available-valkey-fork/https://licens.io/blog/redis-source-available-valkey-fork/Redis's March 2024 license change triggered a rapid Valkey fork, reminding buyers that open-source governance can become a real diligence issue overnight.Thu, 25 Apr 2024 00:00:00 GMTEngineeringMichael BommaritoGPT-4 Passes the Bar Exam — Published in the Royal Societyhttps://licens.io/blog/gpt4-passes-bar-exam-royal-society/https://licens.io/blog/gpt4-passes-bar-exam-royal-society/Our paper in the Royal Society shows why benchmark design matters as much as model size when AI starts testing the boundaries of legal work.Wed, 17 Apr 2024 00:00:00 GMTResearchMichael BommaritoThe xz-utils Backdoor: The Most Sophisticated Supply Chain Attack We've Ever Seenhttps://licens.io/blog/xz-utils-backdoor-supply-chain-attack/https://licens.io/blog/xz-utils-backdoor-supply-chain-attack/A hidden backdoor in xz-utils shows how a patient supply chain attack can turn a routine dependency into a pre-authentication SSH risk.Sun, 31 Mar 2024 00:00:00 GMTPrivacy & SecurityMichael BommaritoEU AI Act Formally Adopted: The Countdown to Compliance Beginshttps://licens.io/blog/eu-ai-act-formally-adopted/https://licens.io/blog/eu-ai-act-formally-adopted/The EU AI Act is adopted, and the compliance clock starts ticking for AI providers, deployers, and their vendors.Mon, 11 Mar 2024 00:00:00 GMTAI GovernanceJillian BommaritoChange Healthcare: $22B Company Brought Down by Missing MFAhttps://licens.io/blog/change-healthcare-ransomware-missing-mfa/https://licens.io/blog/change-healthcare-ransomware-missing-mfa/Change Healthcare’s ransomware outage is a blunt reminder that one internet-facing portal without MFA can jam the pipes of U.S. healthcare.Fri, 23 Feb 2024 00:00:00 GMTPrivacy & SecurityJillian BommaritoKL3M: The First Fairly Trained Large Language Modelhttps://licens.io/blog/kl3m-first-fairly-trained-llm/https://licens.io/blog/kl3m-first-fairly-trained-llm/KL3M shows that large language models can be built on copyright-clean training data, with provenance that enterprises can actually defend.Thu, 08 Feb 2024 00:00:00 GMTResearchMichael BommaritoCISA and FBI Call for Memory Safety Roadmaps: Is C++ on Borrowed Time?https://licens.io/blog/cisa-fbi-memory-safety-roadmaps/https://licens.io/blog/cisa-fbi-memory-safety-roadmaps/CISA and the FBI are turning memory safety from an engineering preference into a board-level issue, and C/C++ is suddenly on the defensive.Thu, 18 Jan 2024 00:00:00 GMTEngineeringMichael BommaritoThe New York Times Sues OpenAI: The Copyright Case That Could Define AI Traininghttps://licens.io/blog/nyt-sues-openai-copyright-ai-training/https://licens.io/blog/nyt-sues-openai-copyright-ai-training/The New York Times' lawsuit against OpenAI and Microsoft turns AI training data provenance, fair use, and output risk into a very expensive conversation.Thu, 28 Dec 2023 00:00:00 GMTData StrategyMichael BommaritoEU AI Act Trilogue Complete: The Final Text and What It Meanshttps://licens.io/blog/eu-ai-act-trilogue-final-text/https://licens.io/blog/eu-ai-act-trilogue-final-text/The EU institutions have reached political agreement on the AI Act, and the first comprehensive AI law in the world is now moving from theory to enforcement.Mon, 11 Dec 2023 00:00:00 GMTAI GovernanceJillian BommaritoThe Bletchley Declaration: 28 Nations Agree on AI Safety (But Not on How)https://licens.io/blog/bletchley-declaration-global-ai-safety/https://licens.io/blog/bletchley-declaration-global-ai-safety/The Bletchley Declaration is a real signal that AI safety has gone global, but the hard part is still turning shared concern into enforceable rules.Fri, 03 Nov 2023 00:00:00 GMTAI GovernanceJillian BommaritoBiden's AI Executive Order: The Most Comprehensive Federal AI Action to Datehttps://licens.io/blog/biden-ai-executive-order-14110/https://licens.io/blog/biden-ai-executive-order-14110/Executive Order 14110 turns AI policy into a real compliance agenda, with federal demands on safety testing, watermarking, privacy, and civil rights.Tue, 31 Oct 2023 00:00:00 GMTAI GovernanceJillian BommaritoMGM Resorts Hacked: Social Engineering Still Beats Technical Controlshttps://licens.io/blog/mgm-resorts-social-engineering-hack/https://licens.io/blog/mgm-resorts-social-engineering-hack/MGM Resorts’ September 2023 cyber incident is a reminder that the easiest path into a hardened environment is often a human with a phone and a reset button.Fri, 01 Sep 2023 00:00:00 GMTPrivacy & SecurityJillian BommaritoHashiCorp Goes BSL: What the Terraform License Change Means for Your Infrastructurehttps://licens.io/blog/hashicorp-bsl-terraform-license-change/https://licens.io/blog/hashicorp-bsl-terraform-license-change/HashiCorp's move to BSL 1.1 for Terraform and other core products changes the rules for vendors, integrators, and anyone packaging infrastructure tooling commercially.Mon, 14 Aug 2023 00:00:00 GMTEngineeringMichael BommaritoSEC Adopts Cybersecurity Disclosure Rules: 4-Day Incident Reporting Beginshttps://licens.io/blog/sec-cybersecurity-disclosure-rules/https://licens.io/blog/sec-cybersecurity-disclosure-rules/The SEC's new cyber rules turn incident response into a filing deadline problem, and the 4-business-day clock starts at materiality.Fri, 14 Jul 2023 00:00:00 GMTPrivacy & SecurityJillian BommaritoThe EU AI Act Passes Parliament: What US Companies Should Start Preparing Nowhttps://licens.io/blog/eu-ai-act-passes-parliament/https://licens.io/blog/eu-ai-act-passes-parliament/The European Parliament's June 14 vote signals that AI governance is moving from theory to enforcement, and U.S. companies need to get their house in order now.Fri, 16 Jun 2023 00:00:00 GMTAI GovernanceJillian BommaritoMeta's EUR 1.2 Billion Fine: The End of Unchecked Transatlantic Data Flowshttps://licens.io/blog/meta-1-2-billion-euro-gdpr-fine/https://licens.io/blog/meta-1-2-billion-euro-gdpr-fine/The Irish DPC's record fine against Meta is a reminder that cross-border data flows need more than SCCs, more than supplementary measures, and definitely more than hope.Mon, 15 May 2023 00:00:00 GMTPrivacy & SecurityJillian BommaritoThe Samsung ChatGPT Leak: Why Every Company Needs an AI Acceptable Use Policyhttps://licens.io/blog/samsung-chatgpt-leak-ai-acceptable-use-policy/https://licens.io/blog/samsung-chatgpt-leak-ai-acceptable-use-policy/Samsung’s ChatGPT leak is a blunt reminder that without an AI acceptable use policy, employees will paste confidential data into whatever tool seems helpful.Fri, 07 Apr 2023 00:00:00 GMTAI GovernanceJillian BommaritoVC Valuation Methodshttps://licens.io/blog/vc-valuation-methods/https://licens.io/blog/vc-valuation-methods/The methods behind valuations used in venture capital are a breed unlike the [operational valuations](/blog/valuation-101/) we’ve discussed in our prior posts.Wed, 14 Dec 2022 13:41:29 GMTDue Diligence & ValuationMichael Bommarito409A Valuationshttps://licens.io/blog/409a-valuation/https://licens.io/blog/409a-valuation/It’s not often that you can reference a specific section of the Internal Revenue Code by number and have a wide audience understand what it refers to; Section 409A is a member of this elite club (like.Mon, 12 Dec 2022 16:51:15 GMTDue Diligence & ValuationMichael BommaritoValuation for Financial Reportinghttps://licens.io/blog/valuation-for-financial-reporting/https://licens.io/blog/valuation-for-financial-reporting/Perhaps you read our [Valuation 101](/blog/valuation-101/) intro post and thought to yourself “wow, I wish they had talked even more about valuation under GAAP!” If so, today is.Thu, 25 Aug 2022 16:29:13 GMTDue Diligence & ValuationMichael BommaritoValuation 101https://licens.io/blog/valuation-101/https://licens.io/blog/valuation-101/In theory, a valuation is simply the estimated worth of an asset, liability, or company.Tue, 23 Aug 2022 14:37:22 GMTDue Diligence & ValuationMichael BommaritoFundraising 101: Preferred Shareshttps://licens.io/blog/fundraising-101-preferred-shares/https://licens.io/blog/fundraising-101-preferred-shares/**Today’s post is brought to you by one of our fabulous interns – Ann Zhang.**.Thu, 14 Jul 2022 13:27:16 GMTDue Diligence & ValuationMichael BommaritoSecuring Debt with Intangible Assetshttps://licens.io/blog/securing-debt-with-intangible-assets/https://licens.io/blog/securing-debt-with-intangible-assets/In early-stage companies, debt financing is often only used in the specific context of convertible loans.Wed, 01 Jun 2022 22:18:46 GMTDue Diligence & ValuationMichael BommaritoFundraising 101: Debt vs. Equityhttps://licens.io/blog/fundraising-101-debt-vs-equity/https://licens.io/blog/fundraising-101-debt-vs-equity/Within finance, capital refers to the corporate securities that have been issued.Mon, 23 May 2022 13:46:56 GMTDue Diligence & ValuationMichael BommaritoWhy You Need a Privacy Pro on Your Advisory Boardhttps://licens.io/blog/why-you-need-a-privacy-pro-on-your-advisory-board/https://licens.io/blog/why-you-need-a-privacy-pro-on-your-advisory-board/There are many “strategies” when it comes to drafting an advisory board for startups.Fri, 29 Apr 2022 11:58:48 GMTPrivacy & SecurityJillian BommaritoShift Left for Data: Data Processing Agreements and Data Bills of Materialhttps://licens.io/blog/shift-left-for-data/https://licens.io/blog/shift-left-for-data/It’s hard to make it very far these days without hearing the phrase “Shift Left.” While some argue that Shift Left is just following CMMI and PMBOK practices, it’s clear that the DevOps and DevSecOps .Tue, 26 Apr 2022 22:55:55 GMTData StrategyJillian BommaritoSoftware Escrow is Dead; Long Live AI Escrow!https://licens.io/blog/software-escrow-is-dead-long-live-ai-escrow/https://licens.io/blog/software-escrow-is-dead-long-live-ai-escrow/Through time immemorial, attorneys negotiating technology deals have recommended that software licensees push for escrow of source code.Tue, 19 Apr 2022 07:54:08 GMTAI GovernanceMichael BommaritoWhy You Really Need a Data BOM, Not a Software BOMhttps://licens.io/blog/why-you-really-need-a-data-bom/https://licens.io/blog/why-you-really-need-a-data-bom/The [**Bill of Materials (BOM)** concept has taken over the world of software](sbom), but should most organizations be focused on **Data Bills of Material (DBOM)** instead?.Mon, 18 Apr 2022 07:59:19 GMTData StrategyMichael BommaritoStrategic Acquisition + Tech Assets: the Good, the Bad, and the Underlyinghttps://licens.io/blog/strategic-acquisition-tech-assets/https://licens.io/blog/strategic-acquisition-tech-assets/When it comes to strategic acquisitions, few opportunities can present as much promise or peril as tech assets.Sat, 16 Apr 2022 16:32:13 GMTDue Diligence & ValuationMichael BommaritoFour Reasons Why SCA Isn’t Solving Your Supply Chain Security Issueshttps://licens.io/blog/sca-supply-chain-issues/https://licens.io/blog/sca-supply-chain-issues/Both types of SCA – [software composition analysis](/blog/software-composition-analysis-limitations/) and static code analysis – can play a crucial role in identifying and remed.Tue, 05 Apr 2022 10:18:37 GMTPrivacy & SecurityMichael BommaritoWhat is Software Composition Analysis and What Are the Limitations?https://licens.io/blog/software-composition-analysis-limitations/https://licens.io/blog/software-composition-analysis-limitations/Software Composition Analysis (SCA – yes…*another* SCA) is a type of analysis designed to identify and document software components.Tue, 05 Apr 2022 10:00:23 GMTPrivacy & SecurityMichael BommaritoLicens.io CEO Among First Global Independent AI Auditorshttps://licens.io/blog/licensio-ceo-among-first-global-independent-ai-auditors/https://licens.io/blog/licensio-ceo-among-first-global-independent-ai-auditors/**MICHIGAN, APRIL 1, 2021** – At Licens.io, interdisciplinary experience and cross-disciplinary collaboration are fundamental values.Fri, 01 Apr 2022 10:00:50 GMTAI GovernanceJillian BommaritoSBOMs: the Premise, the Promise, the Perilhttps://licens.io/blog/sboms-the-premise-the-promise-the-peril/https://licens.io/blog/sboms-the-premise-the-promise-the-peril/Are software bills of material (SBOM) the solution to your software woes? While there are opinions on both sides, the White House has begun to promote their use.Wed, 30 Mar 2022 22:39:56 GMTPrivacy & SecurityMichael BommaritoHow Data Provenance Drives Machine Learning Risk + Valuehttps://licens.io/blog/data-provenance-drives-machine-learning-risk-value/https://licens.io/blog/data-provenance-drives-machine-learning-risk-value/For many, provenance is a foreign term, frequently (and ironically) confused with the Provence region of France.Sat, 26 Mar 2022 13:12:56 GMTAI GovernanceMichael BommaritoAI without Compliance: A Cautionary Tale of FTC Enforcementhttps://licens.io/blog/ai-without-compliance-a-cautionary-tale-of-ftc-enforcement/https://licens.io/blog/ai-without-compliance-a-cautionary-tale-of-ftc-enforcement/First, software was eating the world; now, it’s supposedly AI – or the data used to create that AI – that’s eating the world.Fri, 25 Mar 2022 20:25:56 GMTAI GovernanceJillian BommaritoThe Exponentially Zero Valuation of IPython — or, Why Valuing Software is so Hard.https://licens.io/blog/why-valuing-software-is-so-hard/https://licens.io/blog/why-valuing-software-is-so-hard/A [CPA and recovering financial engineer](/about/team/) sit down at a bar.Thu, 10 Feb 2022 12:19:41 GMTDue Diligence & ValuationMichael BommaritoSnake JARs, Part III: Data Science Sssssss-securityhttps://licens.io/blog/snake-jars-part-iii-data-science-security/https://licens.io/blog/snake-jars-part-iii-data-science-security/In this series, we’ve been talking about cross-language dependencies — in particular, Python packages vendoring Java JARs.Wed, 09 Feb 2022 11:15:35 GMTPrivacy & SecurityMichael BommaritoReleasing our Responsible Data Science Policy Frameworkhttps://licens.io/blog/responsible-data-science-policy-framework/https://licens.io/blog/responsible-data-science-policy-framework/[**FICO recently surveyed over 100 of the world’s largest, most sophisticated organizations**](https://www.fico.com/en/latest-thinking/analystpartner-collateral/building-ai-driven-enterprises-disrupte.Sun, 17 Oct 2021 18:23:54 GMTAI GovernanceJillian BommaritoESG: G is for Governancehttps://licens.io/blog/esg-governance/https://licens.io/blog/esg-governance/You may have noticed that regulations and standards have played a frequent role in our discussions of “E is for Environment” and “[S is for Social](htt.Mon, 27 Sep 2021 13:20:40 GMTAI GovernanceJillian BommaritoWhat is Static Code Analysis?https://licens.io/blog/what-is-static-code-analysis/https://licens.io/blog/what-is-static-code-analysis/Static code analysis (not to be confused with [software composition analysis](/blog/software-composition-analysis-limitations/), which is also abbreviated as SCA) is a critical .Thu, 01 Jul 2021 15:00:24 GMTEngineeringMichael BommaritoWhat are software dependencies?https://licens.io/blog/what-are-software-dependencies/https://licens.io/blog/what-are-software-dependencies/You wouldn’t think that a 16th century poet from England would know much about software.Sun, 13 Jun 2021 16:02:08 GMTEngineeringMichael Bommarito