Stephen Magill

Stephen Magill is Vice President of Product Innovation at Sonatype. He’s the former CEO of MuseDev, a software company acquired by Sonatype, and is dedicated to helping developers write their best code through code quality automation.Stephen is a world-recognized expert on program analysis and was previously a principal scientist at Galois. Among his other accomplishments, he earned his Ph.D and M.S in CS from Carnegie Melon and serves on the University of Tulsa Industry Advisory Board.

How Is the Sonatype Safety Rating Determined?

1 minute read time

The Sonatype Safety Rating is an aggregate rating designed to estimate the likelihood of an open source project containing security vulnerabilities.
Read More...

Introducing Our 8th Annual State of the Software Supply Chain Report

2 minute read time

Announcing the arrival of our 8th Annual State of the Software Supply Chain Report looking at managing open source security, industry trends, and more.
Read More...

Despite What Some Vendors Say, Please Don’t Ignore Log4j

By Stephen Magill on September 26, 2022 Nexus Lifecycle

5 minute read time

Ignoring Log4j and recommending that high-risk open source vulnerabilities be left in application code isn't just irresponsible, it's dangerous.
Read More...

What is Code Quality? 5 Software Development Checks You Should be Automating

By Stephen Magill on April 05, 2022 How-To

4 minute read time

One of the most tangible ways to improve software is writing and maintaining good source code, but how do you make that part of your process?
Read More...

Prioritizing Open Source Vulnerabilities: Is Reachability Useful?

By Stephen Magill on December 06, 2021 Open Source

8 minute read time

Good software composition analysis (SCA) can reduce open source risk, but poor results slows development. Can prioritization based on reachability help?
Read More...