NVD overload: Unveiling a hidden crisis in vulnerability management

By Aaron Linskens on March 15, 2024 vulnerabilities

5 minute read time

Learn about a critical yet underreported issue in the National Vulnerability Database (NVD) that could have global impact for cybersecurity infrastructure

Embracing the AI revolution: Navigating the impact on developers

By Aaron Linskens on March 04, 2024 Software Supply Chain

4 minute read time

Explore Sonatype's whitepaper, The Effects of AI on Developers, highlighting the challenges, opportunities, and transformative effects of generative AI.

What are the elements of an SBOM?

By Aaron Linskens on February 29, 2024 software bill of materials

7 minute read time

Discover what exactly makes up an SBOM and why generating and managing SBOMs helps level up your cybersecurity and better secure your software

Why SBOMs are essential for every organization

By Aaron Linskens on February 21, 2024 Cybersecurity

6 minute read time

Explore the big role of software bills of materials (SBOMs) in enhancing cybersecurity, managing vulnerabilities, and ensuring compliance with regulations

Software dependencies: A beginner's guide

By Aaron Linskens on October 27, 2023 Software Supply Chain

5 minute read time

Explore software dependencies, their two main categories of direct and transitive, and find out how to manage software dependencies at scale

Dependency mapping: A beginner's guide

By Aaron Linskens on October 20, 2023 vulnerabilities

8 minute read time

Explore dependency mapping, what it is, the benefits of mapping dependencies, and some tools that make the process easier.

npm manifest confusion – What is it and do you really need to worry about it?

By Ax Sharma on June 28, 2023 npm

4 minute read time

npm manifest confusion – what is it and do you really need to worry about it?

Rule over your dependencies and scan at your own open source risk

By Aaron Linskens on September 13, 2022 vulnerabilities

5 minute read time

A good way to make sure that your organization's vulnerabilities don't go unnoticed is conducting regular scans of open source used in your environments.

Why are dependency confusion attacks not going away?

By Ax Sharma on February 09, 2022 dependencies

4 minute read time

Sonatype has caught more than 63,000 suspicious packages, the majority of which are dependency confusion candidates. Why are these attacks not going away?