
Jason Nalewak

Jason is a Customer Success Engineer on Sonatype's federal team and has worked in various capacities supporting information technology and security for the US government.

How Much Should the Federal Government Worry About Log4j?

By Jason Nalewak on December 22, 2021 vulnerabilities
As the world worries about the Log4j exploit, we look at how the US Federal Government is responding - and how worried it should be about this vulnerability.

How Does Securing the Software Supply Chain Fit the DoD CIO Zero Trust Architecture?

Curious how the DoD Zero Trust Architecture relates to secure development and protecting your software supply chain? We're breaking that down for you.

What is Dependency Confusion and Why Does it Matter in the Federal Sector?

By Jason Nalewak on May 14, 2021 government
Developers in the federal space are not immune from dependency confusion attacks. Following Biden's Cybersecurity Executive Order, understanding the attack vector is even more crucial.