Open Source Software Is Under Attack; New Event-Stream Hack Is Latest Proof

By Brian Fox on November 27, 2018 vulnerabilities

3 minute read time

Open source software is under attack, and the malicious compromise of the popular npm event-stream package is just the latest proof.

Dirty Rivers Flow Downstream, Leading to Dirty Reservoirs

By Sylvia Fronczak on November 02, 2018 devsecops

6 minute read time

A reservoir is created by rivers and streams that flow into it. What if one of those rivers is polluted? It pollutes the whole thing.

Who Cares if Supermicro Happened. Supply Chain Attacks are Real and It’s Time to Pay Attention

3 minute read time

Technology supply chain attacks are happening in the wild, and whether or not the Supermicro story is real, it should be a wake-up call for all of us.

Three Days of DevSecOps: Lessons from Equifax

By Derek Weeks on September 25, 2018 open source governance

2 minute read time

In 2017, one might have considered "three days" to be the new normal for lead time for changes in DevSecOps. In 2018, that window closed to "one second".

The 2018 State of the Software Supply Chain Report is here!

By Derek Weeks on September 25, 2018 devsecops

2 minute read time

Today, Sonatype introduces the 2018 State of the Software Supply Chain Report, on managing open source components to accelerate innovation.