Skip Navigation

Brian Fox

Brian Fox is a software developer, innovator and entrepreneur. He is an active contributor within the open source development community, most prominently as a member of the Apache Software Foundation and former Chair of the Apache Maven project. As the CTO and co-founder of Sonatype, he is focused on building a platform for developers and DevOps professionals to build high-quality, secure applications with open source components.

A demand for real consequences: Sonatype's response to CISA's Secure by Design

By Brian Fox on February 23, 2024 thought leaders

7 minute read time

Sonatype's founder and CTO Brian Fox discusses more stringent enforcement mechanisms to encourage wider adoption of secure development practices

White House National Cybersecurity Strategy: Landmark action for a critical threat

By Brian Fox on March 02, 2023 Cybersecurity

5 minute read time

The Biden administration announced a new, historic National Cybersecurity Strategy calling for cybersecurity liability and increased investment.

Is cyber liability insurance a moral hazard in the US?

By Brian Fox on February 22, 2023 secure software supply chain

8 minute read time

Sonatype CTO and co-founder, Brian Fox, shares his thoughts on the developing role of cyber liability insurance in software supply chain management.

Make sure your company is prepared for evolving software liability regulations

By Brian Fox on February 09, 2023 thought leaders

13 minute read time

Organizations should understand changes to liability and government regulation, and have the proper tools in place to protect their software supply chains.

The shifting landscape of open source supply chain attacks - Part 3

By Brian Fox on January 26, 2023 thought leaders

12 minute read time

Brian Fox shares insights on who’s responsible for the security of software supply chains, and how orgs can minimize impact on efficiency and speed.

The shifting landscape of open source supply chain attacks - Part 2

By Brian Fox on January 25, 2023 thought leaders

11 minute read time

Sonatype's Brian Fox delves into how bad actors and cybercriminals are attacking the software supply chain, and how cyberattacks continue to evolve.

The shifting landscape of open source supply chain attacks - Part 1

By Brian Fox on January 24, 2023 thought leaders

8 minute read time

A deep dive into how modern supply chains manage problems, and how companies looking to secure their software supply chains can learn from their mistakes.

EU Cyber Resilience Act: Good for software supply chain security, bad for open source?

By Brian Fox on December 22, 2022 secure software supply chain

10 minute read time

The Cyber Resilience Act is the European Union's proposed regulation to combat threats affecting any digital entity. What does that mean for open source?

A clear path forward toward more secure and maintainable open source software

By Brian Fox on May 13, 2022 featured

7 minute read time

Sonatype CTO shares thoughts following conversations, led by OpenSSF, where industry and government came together to discuss securing open source software.