Featured Article

Sonatype Named in the 2023 Gartner® Magic Quadrant™ for Application Security Testing

By Tara Flynn Condon on May 23, 2023 AppSec

Sonatype is named to the 2023 Gartner Magic Quadrant for Application Security Testing (AST).

Read More

How a Software Bill of Materials Uncovers Known Vulnerabilities

By Derek Weeks on April 30, 2015 Cyber Supply Chain Management and Transparency Act

3 minute read time

How a Software Bill of Materials Uncovers Known Vulnerabilities

Read More...

Real World Experiences: Blackboard

By Derek Weeks on April 21, 2015 Component Lifecycle Management

3 minute read time

As part of a new series we're calling 'Real World Experiences' we'll be highlighting how Sonatype customers are benefiting from greater development efficiency, higher productivity levels, faster time

Read More...

The Software Supply Chain Piques Interest

By Derek Weeks on February 09, 2015 Cyber Supply Chain Management and Transparency Act

3 minute read time

As we looked back at what our readers found most intriguing in the past year, we found one central theme: managing their software supply chain. Our readers wanted to know in a continuous world, where

Read More...

Talking Turkey in Texas: Open Source Governance Lags

By Derek Weeks on November 25, 2014 Cyber Supply Chain Management and Transparency Act

3 minute read time

Talking Turkey in Texas: Open Source Governance Lags

Read More...

CIO.com: Helping Developers Reduce Open Source Risk

By Derek Weeks on November 17, 2014 Cyber Supply Chain Management and Transparency Act

1 minute read time

CIO.com: Helping Developers Reduce Open Source Risk

Read More...

Bash 2014 - This Is Not a Party

By Derek Weeks on September 25, 2014 Cyber Supply Chain Management and Transparency Act

2 minute read time

I can honestly say that although referred to by the media as Shellshocked, I am neither shocked nor awed. I can’t say that I am a fan of the latest glorification of bugs like Heartbleed and

Read More...

Skeleton Key

By Derek Weeks on September 19, 2014 Cyber Supply Chain Management and Transparency Act

2 minute read time

A skeleton key is capable of opening any lock regardless of make or type. Do you know anyone who has one? I do. Lots of them. At the HP Protect conference last week in Washington DC, the theme of

Read More...

11,000 Voices

By Derek Weeks on September 16, 2014 Cyber Supply Chain Management and Transparency Act

2 minute read time

This week, I will be attending AppSec USA in Denver with the rest of our Sonatype crew. While it will be my first time attending the event, I am really excited to be leading a panel discussion at the

Read More...

Time for Full Open Source Disclosure

By Derek Weeks on September 12, 2014 Cyber Supply Chain Management and Transparency Act

4 minute read time

We are not the first industry to face this challenge. But many are convinced our problem is much smaller than it really is or that it does not exist. They simply ignore it. Or choose to do nothing

Read More...

Sonatype Named in the 2023 Gartner® Magic Quadrant™ for Application Security Testing

How a Software Bill of Materials Uncovers Known Vulnerabilities

Real World Experiences: Blackboard

The Software Supply Chain Piques Interest

Talking Turkey in Texas: Open Source Governance Lags

CIO.com: Helping Developers Reduce Open Source Risk

Bash 2014 - This Is Not a Party

Skeleton Key

11,000 Voices

Time for Full Open Source Disclosure

Secure your software supply chain

Subscribe for all the latest software security news and events