Stephen Magill

Stephen Magill is Vice President of Product Innovation at Sonatype. He's the former CEO of MuseDev, a software company acquired by Sonatype, and is dedicated to helping developers write their best code through code quality automation. Stephen is a world-recognized expert on program analysis and was previously a principal scientist at Galois. Among his other accomplishments, he earned his Ph.D. and M.S. in CS from Carnegie Mellon and serves on the University of Tulsa Industry Advisory Board.

How to integrate SBOMs into the software development life cycle

By Stephen Magill on March 20, 2024 SDLC

4 minute read time

Discover strategies for incorporating software bills of materials (SBOMs) into your software development life cycle (SDLC)

Are unnecessary vulnerabilities polluting your software supply chain?

7 minute read time

As malicious software supply chain attacks continue to evolve, so do the ways that bad actors exploit vulnerable libraries.

How is the Sonatype Safety Rating determined?

1 minute read time

The Sonatype Safety Rating is an aggregate rating designed to estimate the likelihood of an open source project containing security vulnerabilities.

Introducing our 8th annual State of the Software Supply Chain

2 minute read time

Announcing the arrival of our 8th Annual State of the Software Supply Chain Report looking at managing open source security, industry trends, and more.

Despite what some vendors say, please don't ignore Log4j

By Stephen Magill on September 26, 2022 vulnerabilities

5 minute read time

Ignoring Log4j and recommending that high-risk open source vulnerabilities be left in application code isn't just irresponsible, it's dangerous.

What is code quality? Five software development checks you should be automating

By Stephen Magill on April 05, 2022 How-To

4 minute read time

One of the most tangible ways to improve software is writing and maintaining good source code, but how do you make that part of your process?

Prioritizing open source vulnerabilities: Is reachability useful?

By Stephen Magill on December 06, 2021 Open Source

8 minute read time

Good software composition analysis (SCA) can reduce open source risk, but poor results slow development. Can prioritization based on reachability help?