Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

The Trump White House Takes Aim at Cybersecurity

By Derek Weeks on May 12, 2017 software bill of materials

5 minute read time

The Trump White House Takes Aim at Cybersecurity. Introduces Executive Order: STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE.

Read More...

DevSecOps: Slaying the Myths of Container Security

By Benjamin Wootton on March 21, 2017 Docker

2 minute read time

Security Is A Top Concern For Us When Deploying Containers, says Benjamin Wootton. @benjaminwootton

Read More...

Struts2 Exploited Again. Did Anyone Bother to Tell You?

By Brian Fox on March 10, 2017 oss

5 minute read time

This week I woke up to find several emails from Nexus Lifecycle indicating that the products in my portfolio were potentially vulnerable due to their.

Read More...

When it Comes to Application Security, “Doing Your Homework” Matters

By Matthew Barker on March 09, 2017 Application Security

4 minute read time

They say software is eating the world, very true, but it has become even more clear that OSS components are eating the software world.

Read More...

How DevOps Killed the Market for Software Composition Analysis

By Matt Howard on February 28, 2017 Application Security

1 minute read time

SCA tools are waterfall-native by design. It is impossible to integrate SCA security controls into DevOps-native work flows in an automated and scalable way.

Read More...