Sonatype Selected by Equifax to Support OS Governance Press Release
blog-logo Sonatype Blog

Brian Fox

Brian Fox is a software developer, innovator and entrepreneur. He is an active contributor within the open source development community, most prominently as a member of the Apache Software Foundation and former Chair of the Apache Maven project. As the CTO and co-founder of Sonatype, he is focused on building a platform for developers and DevOps professionals to build high-quality, secure applications with open source components.

Follow me on:
GettyImages-115970967
READ MORE

Anonymous Access In Nexus Repository is Not A Zero-Day Vulnerability

By Brian Fox on July 02, 2019 Nexus Repository
A researcher contacted us about an issue in Nexus Repository, stemming from user access settings. This was not a zero day, but a product feature UX change, to make it easier to be more secure - we
Read More...
crime scene
READ MORE

Open Source Software Is Under Attack; New Event-Stream Hack Is Latest Proof

By Brian Fox on November 27, 2018 vulnerabilities
Open source software is under attack, and the malicious attack on the popular npm event-stream 3 package, is just the latest proof.
Read More...
LC 1
READ MORE

Deja Vu All Over Again - Another New Apache Struts Vulnerability (CVE-2018-11776)

By Brian Fox on August 23, 2018 Nexus Lifecycle
Another remote code execution vulnerability in Apache’s Struts2 Framework was disclosed on August 22, 2018. Everything you need to know and how to find out if you're affected.
Read More...
code-coding-computer-34676
READ MORE

Microsoft and Github: Open source’s future is brighter than ever

By Brian Fox on June 13, 2018 github
With Microsoft’s resources behind a great company like GitHub, the future of secure, quality open source looks brighter than ever.
Read More...
GettyImages-916083808
READ MORE

Making sure our users don't zip-slip and fall

By Brian Fox on June 05, 2018 The Central Repository
Sonatype has provided The Central Repository for over a decade and we take security of the users very seriously. Once we became aware of the zip-slip vulnerability, we wanted to to ensure Central
Read More...
READ MORE

Enhancing SSL Security and HTTP/2 support for Central

By Brian Fox on May 21, 2018 Central
TLS and HTTP/2 changes coming to central
Read More...
GDPR-Article 25
READ MORE

Secure By Design: Preparing for GDPR Should Begin With Software

By Brian Fox on May 10, 2018 data protection
To ensure GDPR compliance, appropriate safeguards must be put in place across the entire software lifecycle.
Read More...
CVE-2017-8046 Downloads-1.jpg
READ MORE

Fooled twice by the same open source problem? Shame on you. The data behind CVE-2017-8046.

By Brian Fox on March 07, 2018 known vulnerability
Organizations keep software applications safe, not by chance, but by preparation. Open source vulnerabilities like Struts 2 and Spring are going to happen, companies need continuous monitoring to
Read More...
Brian-Fox-CTO-Sonatype-Feature-Image
READ MORE

Sonatype's 10 Year Journey, with Co-founder Brian Fox

By Brian Fox on February 16, 2018 Sonatype Nexus
The fact that we are closing in on 200,000 open source instances of the Nexus Repository Manager is great to see. That transcends Maven usage. A big popular use case these days is for npm and for
Read More...
Twitter LinkedIn Facebook Instagram YouTube GitHub
Products
Security Research
Solutions
Resources
About
SON_logo_white@2x copy trimmed

Sonatype Headquarters - 8161 Maple Lawn Blvd #250, Fulton, MD 20759
Tysons Office - 8281 Greensboro Drive – Suite 630, McLean, VA 22102
Australia Office - 5 Martin Place, Sydney, NSW 2000, Australia 
London Office - 199 Bishopsgate, London EC2M 3TY

Copyright © 2008-present, Sonatype Inc. All rights reserved. Includes the third-party code listed here. Sonatype and Sonatype Nexus are trademarks of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation. All other trademarks are the property of their respective owners.

Terms of Service    Privacy Policy