Luke Mcbride

Luke is a writer at Sonatype covering everything from open source licenses and liability to DevSecOps trends and container security.

Dependency Management: Versions Choice and the Software Supply Chain

6 minute read time

The components that software developers rely upon are moving forward, but effective software supply chain management is more than being up to date.

2023 Predictions: What Will Happen in Software Supply Chain Governance?

By Luke Mcbride on January 09, 2023 Software Supply Chain

8 minute read time

A look at what we're expecting in the coming year, including open source security, software supply chain attacks, regulation, DevOps, and more.

How does Developer Morale Affect My Software Supply Chain?

By Luke Mcbride on January 03, 2023 survey

4 minute read time

Your place in the software supply chain has a lot to do with your development staff. A look at Sonatype data on developer state-of-mind and performance.

5 Key Open Source Security Risks and How to Prevent Them

By Luke Mcbride on December 01, 2022 Nexus Lifecycle

5 minute read time

An in-depth look at several key open source security and license risks, along with plans and methods to insulate yourself or avoid them entirely.

Perception Versus Reality: a Data-Driven Look at Open Source Risk Management

By Luke Mcbride on November 11, 2022 vulnerability

2 minute read time

Get insights, background, data, and key takeaways from the 8th Annual State of the Software Supply Chain report. Hosted by Dr. Stephen Magill.

The No-Fix Mediums? Not Having a High Priority Doesn’t Mean Low Danger

By Luke Mcbride on October 31, 2022 Nexus Lifecycle

5 minute read time

An ongoing weak link in the software supply chain is vulnerable software – are you being proactive or just putting out fires?

Open Source Licensing Shift: Fedora Blocks Creative Commons CC0

By Luke Mcbride on August 01, 2022 Nexus Lifecycle

6 minute read time

Recent news of a popular license no longer allowed in open source projects underlines the ongoing evolution of licenses and legal risk.

How to Manage Your Open Source Licenses in 2022

By Luke Mcbride on June 02, 2022 licenses

6 minute read time

Development teams are using openly licensed software in their process, and lots of it. To comply with the requirements, you need license management tools.

Major Government Attack Highlights How Log4j is Still Unresolved

By Luke Mcbride on March 11, 2022 vulnerabilities

4 minute read time

Despite all the attention and effort so far this year, this open source vulnerability has found its first major victim in multiple U.S. state governments.