Brian Fox

Brian Fox is a software developer, innovator and entrepreneur. He is an active contributor within the open source development community, most prominently as a member of the Apache Software Foundation and former Chair of the Apache Maven project. As the CTO and co-founder of Sonatype, he is focused on building a platform for developers and DevOps professionals to build high-quality, secure applications with open source components.

Malicious Intent: Open Source Developers, Please Protect Your Users

By Brian Fox on February 14, 2018 software bill of materials

1 minute read time

Pay attention to your own digital security as you would if you were protecting millions of others. Malicious code found in npm package conventional-changelog.

The Hijacking of a Known GitHub ID: go-bindata

By Brian Fox on February 07, 2018 Software Supply Chain

2 minute read time

The creator of go-bindata deleted their @github account and someone else created a new account under the same name.

How Many Hosted Repositories Can Nexus OSS Support

By Brian Fox on January 09, 2018 nexus oss

1 minute read time

How many hosted repositories can Nexus OSS support?

Strengthening Software Supply Chains for Everyone: Why Grafeas is a Great Idea

By Brian Fox on October 17, 2017 Nexus Lifecycle

2 minute read time

In keeping with our long-standing commitment to open innovation, Sonatype is excited to add unique value to the Grafeas community so organizations everywhere.

Brian Fox: What does Sonatype do? What do I do all day?

By Brian Fox on September 15, 2017 Sonatype

1 minute read time

Many of my friends and most of my family struggle to understand what it is Sonatype does and therefore what I do all day.

Vor Security brings OSS Index to Sonatype

By Brian Fox on June 29, 2017 vulnerability

2 minute read time

Vor Security acquisition, extended language coverage, ossindex.net

Struts2 Exploited Again. Did Anyone Bother to Tell You?

By Brian Fox on March 10, 2017 oss

5 minute read time

This week I woke up to find several emails from Nexus Lifecycle indicating that the products in my portfolio were potentially vulnerable due to their.

Did You Wake Up to an Alert About the Java Deserialization Vulnerability?

By Brian Fox on November 13, 2015 oss

4 minute read time

This week I woke up to find several emails from Nexus Lifecycle indicating that the products in my portfolio were potentially vulnerable due to their.

Rubyists Rejoice - Nexus Supports RubyGem Repositories

By Brian Fox on December 01, 2014 nexus pro

3 minute read time

Rubyists Rejoice - Nexus Supports RubyGem Repositories