Brian Fox

Brian Fox is a software developer, innovator and entrepreneur. He is an active contributor within the open source development community, most prominently as a member of the Apache Software Foundation and former Chair of the Apache Maven project. As the CTO and co-founder of Sonatype, he is focused on building a platform for developers and DevOps professionals to build high-quality, secure applications with open source components.

Anonymous Access In Nexus Repository is Not A Zero-Day Vulnerability

By Brian Fox on July 02, 2019 Nexus Repository

1 minute read time

A researcher contacted us about an issue in Nexus Repository, stemming from user access settings.

Open Source Software Is Under Attack; New Event-Stream Hack Is Latest Proof

By Brian Fox on November 27, 2018 vulnerabilities

3 minute read time

Open source software is under attack, and the malicious attack on the popular npm event-stream 3 package is just the latest proof.

Deja Vu All Over Again - Another New Apache Struts Vulnerability (CVE-2018-11776)

By Brian Fox on August 23, 2018 Nexus Lifecycle

2 minute read time

Another remote code execution vulnerability in Apache’s Struts2 Framework was disclosed on August 22, 2018.

Microsoft and Github: Open source’s future is brighter than ever

By Brian Fox on June 13, 2018 github

1 minute read time

With Microsoft’s resources behind a great company like GitHub, the future of secure, quality open source looks brighter than ever.

Making sure our users don't zip-slip and fall

By Brian Fox on June 05, 2018 The Central Repository

1 minute read time

Sonatype has provided The Central Repository for over a decade, and we take the security of our users very seriously.

Enhancing SSL security and HTTP/2 support for Maven Central

By Brian Fox on May 21, 2018 Central

1 minute read time

TLS and HTTP/2 changes are coming to Central.

Secure By Design: Preparing for GDPR Should Begin With Software

By Brian Fox on May 10, 2018 data protection

4 minute read time

To ensure GDPR compliance, appropriate safeguards must be put in place across the entire software lifecycle.

Fooled twice by the same open source problem? Shame on you. The data behind CVE-2017-8046.

By Brian Fox on March 07, 2018 known vulnerability

2 minute read time

Organizations keep software applications safe, not by chance, but by preparation.

Sonatype's 10 Year Journey, with Co-founder Brian Fox

By Brian Fox on February 16, 2018 Sonatype Nexus

3 minute read time

The fact that we are closing in on 200,000 open source instances of the Nexus Repository Manager is great to see. That transcends Maven usage.