Sonatype Selected by Equifax to Support OS Governance Press Release


Open Source Software Is Under Attack; New Event-Stream Hack Is Latest Proof

By Brian Fox on November 27, 2018 event-stream

Earlier this year, I detailed a new battlefront for open source software based on the fact that bad actors are increasingly polluting public wells like npm


Dirty Rivers Flow Downstream, Leading to Dirty Reservoirs

As many of you have experienced, there’s an increasing push to deliver more, faster. And when we say “more,” we mean more features—not more non-functional


Three Days of DevSecOps: Lessons from Equifax

By Derek Weeks on September 25, 2018 devsecops

Three days in March 2017 continuously come up in DevSecOps conversations I am having with friends across the community.  While most people tie the three days


The 2018 State of the Software Supply Chain Report is here!

Two months after we launched our 2017 report, we all learned that Equifax had been breached. The hackers' attack vector was a known vulnerable open source
