Featured Article

CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma

By Ilkka Turunen on April 01, 2024 Software Supply Chain

Learn about a new, targeted backdoor supply chain attack against the popular XZ compression utility seen in many Linux distributions such as fedora and debian. Understand its impact, potential risks

Read More

SHARE:

Sonatype_Blog_Logo_White
READ MORE

OWASP Top 10 overview

By Erik Dietrich on June 22, 2020 OWASP

4 minute read time

Caroline Wong is a Chief Strategy Officer who teaches the OWASP Top 10. She uses memorable analogies to explain all ten.
Read More...
documentation
READ MORE

Using a software bill of materials (SBOM) is going mainstream

3 minute read time

Crazy: OWASP A9 is about to turn seven and the DevSecOps Community Survey shows less than half of organizations can produce a Software Bill of Materials.
Read More...
GettyImages-867236268
READ MORE

The Three R’s of Software Supply Chains: Reject, Replace, and Respond

By Curtis Yanko on September 09, 2019 devops best practices

7 minute read time

OWASP A9 has been around for over 6 years now. These three R's helps enterprise security manage their software supply chains: Reject, Replace, Respond.
Read More...
Bill Curtis - Featured Image - v02
READ MORE

HackNYC 2018: Preview with Dr. Bill Curtis [Podcast]

By Mark Miller on February 01, 2018 OWASP

1 minute read time

In May, at HackNYC 2018 in New York City, Dr.
Read More...
Thoughts on Security
READ MORE

Thoughts on Security in the Modern Software Supply Chain [Podcast Interview]

By Mark Miller on January 15, 2018 OWASP

1 minute read time

A conversations about government vs public software security, the OWASP Top 10 and common security patterns in large scale projects.
Read More...