Brian Fox is a software developer, innovator and entrepreneur. He is an active contributor within the open source development community, most prominently as a member of the Apache Software Foundation and former Chair of the Apache Maven project. As the CTO and co-founder of Sonatype, he is focused on building a platform for developers and DevOps professionals to build high-quality, secure applications with open source components.
Sonatype is combining a new type of behavioral analysis with machine learning and proprietary data, creating early warning capabilities to detect malicious releases of open source components.
Due to an intellectual property dispute between two third parties, Sonatype is legally required to remove disputed artifacts related to Search Guard from the Central Repository and OSSRH until
Last month, the RubyGems strong_password component was breached and injected with malicious code. This is only the latest example of bad actors attacking developers at the source.
A researcher contacted us about an issue in Nexus Repository, stemming from user access settings. This was not a zero day, but a product feature UX change, to make it easier to be more secure - we
Another remote code execution vulnerability in Apache’s Struts2 Framework was disclosed on August 22, 2018. Everything you need to know and how to find out if you're affected.
Sonatype has provided The Central Repository for over a decade and we take security of the users very seriously. Once we became aware of the zip-slip vulnerability, we wanted to to ensure Central
