Luke Mcbride

Luke is a writer at Sonatype covering everything from open source licenses and liability to DevSecOps trends and container security.

The no-fix mediums? Not having a high priority doesn’t mean low danger

By Luke Mcbride on October 31, 2022 vulnerabilities

5 minute read time

An ongoing weak link in the software supply chain is vulnerable software – are you being proactive or just putting out fires?

Open source licensing shift: Fedora blocks Creative Commons CC0

By Luke Mcbride on August 01, 2022 Open Source

6 minute read time

Recent news of a popular license no longer allowed in open source projects underlines the ongoing evolution of licenses and legal risk.

How to manage your open source licenses in 2022

By Luke Mcbride on June 02, 2022 licenses

7 minute read time

Development teams are using openly licensed software in their process, and lots of it. To comply with the requirements, you need license management tools.

Major government attack highlights how Log4j is still unresolved

By Luke Mcbride on March 11, 2022 vulnerabilities

4 minute read time

Despite all the attention and effort so far this year, this open source vulnerability found its first major victim in multiple U.S. state governments.

Open source and diversity in tech: Women@Sonatype

By Luke Mcbride on March 08, 2022 Women in Tech

8 minute read time

Celebrating International Women's Day (March 8), the Women@Sonatype group discusses community, recruiting, onboarding, inclusion, and beyond.

A non-programmer introduction to the software supply chain (Electron)

By Luke Mcbride on October 14, 2021 Software Supply Chain

3 minute read time

Connecting the software industry's widespread use of component programs to something most people have on their machine right now: the Electron Framework.

Software supply chains: An introductory guide

By Luke Mcbride on October 08, 2021 Open Source

8 minute read time

Take a closer look at the software supply chain, including what it contains, why it’s important, and how to protect it from vulnerabilities.

Are you still wondering about dependency confusion attacks?

By Luke Mcbride on June 03, 2021 featured

4 minute read time

Despite positive legislation and standards, open source software supply chains remain vulnerable to Dependency Confusion attacks by impersonating legitimate.