In the Dark about Software Supply Chain Vulnerabilities

By Matt Howard on May 16, 2019 vulnerability

2 minute read time

The Barium attacks, revealed earlier this month, highlight new, pervasive tactics that are exceptionally dangerous.

Alexa: What’s the Future of Cyber Security?

By Katie McCaskey on May 02, 2019 devsecops

5 minute read time

The software supply chain connects everyone and everything, but attacks on this connected web can be blatant and overt, with damaging consequences - especially.

US Energy and Commerce Committee: 6 Strategies for Modern Cybersecurity Risks

By Ilkka Turunen on December 18, 2018 software bill of materials

5 minute read time

On the 12th of December, the Subcommittee on Oversight and Investigations released an additional report identifying the core strategies organisations can take.

The Weakest Link Might be Your Supply Chain: Just Ask The Pentagon

By Matt Howard on August 13, 2018 devsecops

2 minute read time

Whether you’re talking about software applications, or national security, there is an imminent need to better understand who you’re doing business with, and.

What can we learn from 200 Billion JavaScript downloads

By Derek Weeks on February 08, 2018 Javascript

6 minute read time

JavaScript package downloads from the npm repository now top 200 billion annually. We dissect what that means for the open source community.

Strengthening Software Supply Chains for Everyone: Why Grafeas is a Great Idea

By Brian Fox on October 17, 2017 Nexus Lifecycle

2 minute read time

In keeping with our long-standing commitment to open innovation — Sonatype is excited to add unique value to the Grafeas community so organizations everywhere.