Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

7 minute read time

The Sonatype Security Research team has identified over 15,000 npm packages that flood the npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

The essential duo of SCA and SBOM management

5 minute read time

Explore software composition analysis (SCA) and software bill of materials (SBOM) management and why both help fortify software projects against threats

Automating and maintaining SBOMs

4 minute read time

Explore strategies for automating software bills of materials (SBOMs) management, focusing on the enhancement of operational efficiency and compliance

CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma

By Ilkka Turunen on April 01, 2024 Software Supply Chain

11 minute read time

Learn about a new, targeted backdoor supply chain attack against the popular XZ compression utility seen in many Linux distributions such as Fedora and Debian. Understand its impact, potential risks

SBOM, VDR, and Maven: Transforming the Apache Logging experience to a common pattern

By Hervé Boutemy on March 29, 2024 vulnerabilities

8 minute read time

CycloneDX Maven Plugin helps publish software bills of materials (SBOMs) and vulnerability disclosure reports (VDRs) and benefits open source projects

Cyber readiness and SBOMs

By Aaron Linskens on March 26, 2024 webinar

4 minute read time

ATARC hosted a webinar, “Unlocking Cyber Readiness with SBOMs”, on the role of software bills of materials (SBOMs) in enhancing cybersecurity frameworks

Open source ML/AI models: attackers' next target

By Ax Sharma on March 22, 2024

7 minute read time

Disclosing several open source ML/AI models that demonstrate some of the ways in which malware can creep onto AI platforms.

How to integrate SBOMs into the software development life cycle

By Stephen Magill on March 20, 2024 SDLC

4 minute read time

Discover strategies for incorporating software bills of materials (SBOMs) into your software development life cycle (SDLC)

Streamline your SBOM management with SBOM Manager

By Omar Torres on March 19, 2024 Product Release

4 minute read time

Discover Sonatype's new world-class tool designed to streamline the way you manage software bills of materials (SBOMs) across all of your software