Luke Mcbride

Luke is a writer at Sonatype covering everything from open source licenses and liability to DevSecOps trends and container security.

Another SolarWinds? The latest software supply chain attack on 3CX

By Luke Mcbride on April 06, 2023 Software Supply Chain

6 minute read time

Get insights on the recent 3CX software supply chain attack and the growing importance of effective dependency management to protect against cyberattacks.

What is hashing? A look at unique identifiers in software

10 minute read time

Get a handle on software security with these odd-looking but very accessible tools to help sort good from bad on the internet.

Comparing SBOM standards: SPDX vs. CycloneDX

By Luke Mcbride on February 17, 2023 software bill of materials

7 minute read time

Do you know which format for generating a software bill of materials (SBOM) is the best option for your organization? A look at the two leading standards.

Project highlights for World Open Source Day: My open source tools

By Luke Mcbride on February 02, 2023 Everything Open Source

6 minute read time

Sonatype's Luke McBride shares some of his favorite open source tools in celebration of World Open Source Day 2023.

Dependency management: Versions choice and the software supply chain

6 minute read time

The components that software developers rely upon are moving forward, but effective software supply chain management is more than being up to date.

2023 predictions: What will happen in software supply chain governance?

By Luke Mcbride on January 09, 2023 Software Supply Chain

8 minute read time

A look at what we're expecting in the coming year, including open source security, software supply chain attacks, regulation, DevOps, and more.

How does developer morale affect my software supply chain?

By Luke Mcbride on January 03, 2023 survey

4 minute read time

Your place in the software supply chain has a lot to do with your development staff. A look at Sonatype data on developer state-of-mind and performance.

5 key open source software security risks and how to prevent them

By Luke Mcbride on December 01, 2022 shift left

5 minute read time

An in-depth look at several key open source security and license risks, along with plans and methods to insulate yourself or avoid them entirely.

Perception versus reality: A data-driven look at open source risk management

By Luke Mcbride on November 11, 2022 vulnerability

2 minute read time

Get insights, background, data, and key takeaways from the 8th Annual State of the Software Supply Chain report. Hosted by Dr. Stephen Magill.