What Happened Sept 16th?

2 minute read time

We led an invasion last week armed with a flying drone, glowing lightsabers, and the latest knowledge on open source security vulnerabilities. Our mission? Lead, share, educate, moderate, and have

Read More...

Skeleton Key

2 minute read time

A skeleton key is capable of opening any lock regardless of make or type. Do you know anyone who has one? I do. Lots of them. At the HP Protect conference last week in Washington DC, the theme of
Read More...

11,000 Voices

2 minute read time

This week, I will be attending AppSec USA in Denver with the rest of our Sonatype crew. While it will be my first time attending the event, I am really excited to be leading a panel discussion at the

Read More...

Time for Full Open Source Disclosure

4 minute read time

We are not the first industry to face this challenge. But many are convinced our problem is much smaller than it really is or that it does not exist. They simply ignore it. Or choose to do nothing

Read More...

Integrating with SonarQube

By Brian Fox on August 27, 2014 Sonatype Says

3 minute read time

Customers using CLM want to surface known security vulnerabilities and license risk in the same place developers or executives already go to assess the overall quality of their application. To

Read More...

Never a More Interesting Time

1 minute read time

“It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity, it was the season of Light,

Read More...

Hear no Evil, See no Evil, Deploy no Evil

3 minute read time

I was going to start off listing a series of what I think are easy questions that I reckon everyone in technology should be able to answer even if they are not or have never been involved with

Read More...

Part 3 – [ ________ ] is the Best Policy

By David Jones on August 18, 2014 open source survey

3 minute read time

In part 1 and part 2 of the '[ ________ ] is the Best Policy' series, we looked at how open source policies can quite often lead to the wrong type of behavior in an organization.
Read More...

"Wait! Wait! Don't pwn me!" from Black Hat 2014

By Mark Miller on August 14, 2014 OWASP

1 minute read time

"Wait! Wait! Don't pwn me!" from Black Hat 2014
Read More...