Featured Article
Top 10 open source projects hit by HTTP/2 'Rapid Reset' zero-day
Compliance as Code
4 minute read time
Compliance is a growing consideration for application security and must be managed.
Read More...
The Science of Compliance: Early Code to Secure Your Node
4 minute read time
Compliance testing can—and should—be done at all stages of your CI process. Watch your test tool – there can be false positives as well as false negatives.
Read More...
Nexus Firewall: Quality at Velocity
5 minute read time
Nexus Firewall: Quality at Velocity
Read More...
The Cost to DevOps: 27 Mufflers
4 minute read time
Imagine that you are designing the 2016 Range Rover line of sport utility vehicles. Like all gas powered vehicles, each one needs an exhaust muffler.
Read More...
Better and Fewer Suppliers (2015 Software Supply Chain Report)
4 minute read time
Today I want to focus on the huge ecosystem of open source projects (“suppliers”) that feed a steady stream of innovative components into our software.
Read More...
DevOps Leadership Series: Gov Does DevOps (Part 2)
1 minute read time
During my second day at DevOpsDays DC, I had the opportunity to catch up with a couple more industry thought leaders.
Read More...
DevOps Leadership Series: Gov Does DevOps
2 minute read time
This past week, I had the opportunity to catch up with some more industry thought leaders at the DevOpsDays DC event in our nation’s capital.
Read More...
3 Reasons Manual Policies Just Don’t Work
2 minute read time
Over the past four years, Sonatype has surveyed open source development organizations and year after year, we find that developers have the best intentions.
Read More...
PCI 3.0 - Secure Payment Requires Secure Components
2 minute read time
PCI 3.0 - Secure Payment Requires Secure Components
Read More...