Sonatype Introduces Next Generation Dependency Management | Press Release

blog-logo Sonatype Blog

Brian Fox

Brian Fox is a software developer, innovator and entrepreneur. He is an active contributor within the open source development community, most prominently as a member of the Apache Software Foundation and former Chair of the Apache Maven project. As the CTO and co-founder of Sonatype, he is focused on building a platform for developers and DevOps professionals to build high-quality, secure applications with open source components.

Microsoft and Github: Open source’s future is brighter than ever

By Brian Fox on June 13, 2018 github
With Microsoft’s resources behind a great company like GitHub, the future of secure, quality open source looks brighter than ever.

Making sure our users don't zip-slip and fall

By Brian Fox on June 05, 2018 The Central Repository
Sonatype has provided The Central Repository for over a decade and we take security of the users very seriously. Once we became aware of the zip-slip vulnerability, we wanted to to ensure Central

Enhancing SSL Security and HTTP/2 support for Central

By Brian Fox on May 21, 2018 Central
TLS and HTTP/2 changes coming to central

Secure By Design: Preparing for GDPR Should Begin With Software

By Brian Fox on May 10, 2018 data protection
To ensure GDPR compliance, appropriate safeguards must be put in place across the entire software lifecycle.

Fooled twice by the same open source problem? Shame on you. The data behind CVE-2017-8046.

By Brian Fox on March 07, 2018 known vulnerability
Organizations keep software applications safe, not by chance, but by preparation. Open source vulnerabilities like Struts 2 and Spring are going to happen, companies need continuous monitoring to

Sonatype's 10 Year Journey, with Co-founder Brian Fox

By Brian Fox on February 16, 2018 Sonatype Nexus
The fact that we are closing in on 200,000 open source instances of the Nexus Repository Manager is great to see. That transcends Maven usage. A big popular use case these days is for npm and for

Malicious Intent: Open Source Developers, Please Protect Your Users

By Brian Fox on February 14, 2018 software bill of materials
Pay attention to your own digital security as you would if you were protecting millions of others. Malicious code found in npm package conventional-changelog.

The Hijacking of a Known GitHub ID: go-bindata

By Brian Fox on February 07, 2018 Software Supply Chain
the creator of go-bindata deleted their @github account and someone else created a new account under the same name

How Many Hosted Repositories Can Nexus OSS Support

By Brian Fox on January 09, 2018 nexus oss
How many hosted repositories an Nexus OSS support?