We led an invasion last week armed with a flying drone, glowing lightsabers, and the latest knowledge on open source security vulnerabilities. Our mission? Lead, share, educate, moderate, and have
Skeleton Key
2 minute read time
A skeleton key is capable of opening any lock regardless of make or type. Do you know anyone who has one? I do. Lots of them. At the HP Protect conference last week in Washington DC, the theme of
Read More...
11,000 Voices
2 minute read time
This week, I will be attending AppSec USA in Denver with the rest of our Sonatype crew. While it will be my first time attending the event, I am really excited to be leading a panel discussion at the
Time for Full Open Source Disclosure
4 minute read time
We are not the first industry to face this challenge. But many are convinced our problem is much smaller than it really is or that it does not exist. They simply ignore it. Or choose to do nothing
Integrating with SonarQube
3 minute read time
Customers using CLM want to surface known security vulnerabilities and license risk in the same place developers or executives already go to assess the overall quality of their application. To
Never a More Interesting Time
1 minute read time
“It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity, it was the season of Light,
Hear no Evil, See no Evil, Deploy no Evil
3 minute read time
I was going to start off listing a series of what I think are easy questions that I reckon everyone in technology should be able to answer even if they are not or have never been involved with
Part 3 – [ ________ ] is the Best Policy
3 minute read time
In part 1 and part 2 of the '[ ________ ] is the Best Policy' series, we looked at how open source policies can quite often lead to the wrong type of behavior in an organization.
Read More...
"Wait! Wait! Don't pwn me!" from Black Hat 2014
1 minute read time
"Wait! Wait! Don't pwn me!" from Black Hat 2014
Read More...