Sonatype Unveils Full-Spectrum Software Supply Chain Management | Press Release

Bash 2014 - This Is Not a Party

I can honestly say that although referred to by the media as Shellshocked, I am neither shocked nor awed. I can’t say that I am a fan of the latest glorification of bugs like Heartbleed and

Read More...

What Happened Sept 16th?

We led an invasion last week armed with a flying drone, glowing lightsabers, and the latest knowledge on open source security vulnerabilities. Our mission? Lead, share, educate, moderate, and have

Read More...

Skeleton Key

A skeleton key is capable of opening any lock regardless of make or type. Do you know anyone who has one? I do. Lots of them. At the HP Protect conference last week in Washington DC, the theme of
Read More...

11,000 Voices

This week, I will be attending AppSec USA in Denver with the rest of our Sonatype crew. While it will be my first time attending the event, I am really excited to be leading a panel discussion at the

Read More...

Time for Full Open Source Disclosure

We are not the first industry to face this challenge. But many are convinced our problem is much smaller than it really is or that it does not exist. They simply ignore it. Or choose to do nothing

Read More...

Never a More Interesting Time

“It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity, it was the season of Light,

Read More...

Hear no Evil, See no Evil, Deploy no Evil

I was going to start off listing a series of what I think are easy questions that I reckon everyone in technology should be able to answer even if they are not or have never been involved with

Read More...

Part 1 - [ ________ ] is the Best Policy

Open source has been around for donkey's years but until recently the persuasive argument of “many eyeballs” was the guiding policy using open source.
Read More...