Brian Fox

Brian Fox is a software developer, innovator and entrepreneur. He is an active contributor within the open source development community, most prominently as a member of the Apache Software Foundation and former Chair of the Apache Maven project. As the CTO and co-founder of Sonatype, he is focused on building a platform for developers and DevOps professionals to build high-quality, secure applications with open source components.

Follow me on:
Gavel with government building behind it
READ MORE

A Clear Path Forward Toward More Secure and Maintainable Open Source Software

By Brian Fox on May 13, 2022 featured

7 minute read time

Sonatype CTO shares thoughts following conversations, led by OpenSSF, where industry and government came together to discuss securing open source software.
Read More...
Sonatype acquired MuseDev and full-spectrum software supply chain management
READ MORE

Why Sonatype is Acquiring MuseDev

By Brian Fox on March 16, 2021 Nexus Lifecycle

5 minute read time

Today, Sonatype acquired MuseDev, a developer-first source code analysis platform and unveiled the world’s first full-spectrum platform for strengthening cloud-native software supply chain
Read More...
The importance of Namespacing in Public Open Source Repositories
READ MORE

Why Namespacing Matters in Public Open Source Repositories

By Brian Fox on February 10, 2021 The Central Repository

8 minute read time

Sonatype's CTO explains why the Central Repository has always required namespacing and why all public open source repositories should too, following a new software way supply chain attack.
Read More...
Moving Java components into The Central Repository, following JFrog sunsetting Bintray and JCenter
READ MORE

Dear Bintray and JCenter Users - Here’s What You Need to Know About The Central Repository

By Brian Fox on February 04, 2021 The Central Repository

3 minute read time

If you're freaking out about moving Java components into The Central Repository, following JFrog sunsetting Bintray, don’t worry. We’re here for you.
Read More...
READ MORE

Making Developer’s Lives Easier as We Enter The New Frontier of Dependency Management

By Brian Fox on October 07, 2020 Nexus Lifecycle

4 minute read time

Sonatype's Advanced Development Pack will fundamentally change how teams manage code dependencies.
Read More...
READ MORE

Octopus Scanner Compromises 26 OSS Projects on GitHub

By Brian Fox on May 31, 2020 #OSSsecurity

3 minute read time

The Octopus Scanner malware compromised 26 open source projects hosted on GitHub in a new form of software supply chain attack targeting NetBeans projects.
Read More...
merger
READ MORE

Microsoft Acquires npm: A Healthy Move for Critical Public Infrastructure

By Brian Fox on March 16, 2020 github

3 minute read time

Today, news broke that GitHub and its parent company Microsoft, acquired npm and its public repository of open source JavaScript packages.
Read More...
GettyImages-1038383026
READ MORE

The Dot Zero Conundrum and the New Frontier of Securing Open Source

By Brian Fox on September 24, 2019 code quality

3 minute read time

Sonatype is combining a new type of behavioral analysis with machine learning and proprietary data, creating early warning capabilities to detect malicious releases of open source components.
Read More...
GettyImages-1139164499
READ MORE

Removing Search Guard from the Central Repository

By Brian Fox on September 11, 2019 The Central Repository

2 minute read time

Due to an intellectual property dispute between two third parties, Sonatype is legally required to remove disputed artifacts related to Search Guard from the Central Repository and OSSRH until
Read More...
Twitter LinkedIn Facebook YouTube GitHub
Products
Free Tools
Solutions
Resources
Customer Portal
Company
SON_logo_white@2x copy trimmed

Sonatype Headquarters - 8161 Maple Lawn Blvd #250, Fulton, MD 20759

Tysons Office - 8281 Greensboro Drive – Suite 630, McLean, VA 22102

Australia Office - 60 Martin Place Level 1, Sydney, NSW 2000, Australia

London Office -168 Shoreditch High Street, E1 6HU London

Subscribe for all the latest software security news and events

Copyright © 2008-present, Sonatype Inc. All rights reserved. Includes the third-party code listed here. Sonatype and Sonatype Nexus are trademarks of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation. All other trademarks are the property of their respective owners.

Terms of Service    Privacy Policy    Modern Slavery Statement    Event Terms and Conditions   Do Not Sell My Personal Information