Are OpenId and OAuth ‘Bleeding’?

By Ryan Berg on May 07, 2014 openid

4 minute read time

Now that Heartbleed has become the new measuring stick for vulnerability disclosures, I have had several people ask me, “Is this OpenId/OAuth thing the next.

Like a Good Holiday, the Verizon Breach Report is Here

By Ryan Berg on May 02, 2014 Sonatype Says

5 minute read time

Like a good holiday, the Verizon 2014 Data Breach Investigation Report (DBIR) is something I look forward to every year.

Are we doing enough to prevent future “bleeding hearts”?

By Wayne Jackson on April 10, 2014 Sonatype Says

4 minute read time

As the HeartBleed bug wreaked havoc on the internet over the past few days, we at Sonatype began thinking about the lessons learned from this recent scare.

DevOps: The Last Great Hope for Application Security?

3 minute read time

Once upon a time, there was a great battle between speed and security. Development wanted to go fast. But, security wanted to slow down and be safe.

Code Snippet Scanning: Is it Really Needed Anymore?

By Brian Fox on April 03, 2014 Sonatype Says

3 minute read time

Code snippet scanning is a common question we get from prospects. We typically try to dig at why the prospect actually thinks they need snippet matching.

2014 Open Source Development Survey: Making Results Matter

1 minute read time

Want to win a programmable LEGO robot? Share your voice in this year’s survey. The real intent of the Open Source Development Survey is to SPARK DISCUSSION. Remember, it’s not the stats that


TED Talks Security: 3 Provoking Discussions

By Derek Weeks on March 27, 2014 Sonatype Says

2 minute read time

I love watching TED Talks. To me, they are 15 well-spent minutes watching experts around the world provide great insights into things I thought I knew well.

Open Source Observations from RSA

By Karen Gardner on March 18, 2014 HP Fortify

2 minute read time


An Open Discussion on Open Source Review Boards

By Derek Weeks on March 17, 2014 Sonatype Says

1 minute read time

The recent FS-ISAC whitepaper, “Appropriate Software Security Control Types for Third Party Service and Product Providers”, reveals the majority of internal.