Sonatype Selected by Equifax to Support OS Governance Press Release


26% Acknowledge a Web Application Breach in 2019

By Derek Weeks on February 12, 2019 Post security/devsecops

Early this morning news broke that 620 million account details stolen from hacked websites were up for sale on the dark web.  The scale of the stolen


DevSecOps at Emerasoft: Sonatype Nexus Lifecycle and F5-Advanced WAF

By Ugo Ciracì on February 05, 2019 emerasoft


Cybersecurity Status, 2018. According to the many available reports on cybercrime, 2018 has seen the "definitive" rise of cyber attacks. From Ransomware


Let Your Voice Be Heard - Take the 2019 DevSecOps Community Survey

By Janie Gelfond on January 21, 2019 devsecops

The DevOps landscape is constantly adapting and evolving. Most importantly, it is continuously expanding as the “need for speed” in software development


To Succeed, DevSecOps Must Actually Include DevOps

By Derek Weeks on January 07, 2019 Nexus User Conference

Before implementing any DevSecOps tools, you have to embrace that DevSecOps is disruptive to the entire security tool landscape. Too many tools are just


You Can't Manage What You Can't See: Open Source Governance Starts with Visibility

By Derek Weeks on December 17, 2018 open source governance

The former CIO for the IRS appeared on television this past weekend to discuss the recent House report on the Equifax breach published by the Energy and


House Oversight Report: Equifax Open Source Breach Was Entirely Preventable

By Matt Howard on December 10, 2018 equifax

This afternoon, the House Oversight Committee issued a report stating that the Equifax breach was entirely preventable with basic open source security


The Rise of Dependency Scanners

By Curtis Yanko on November 26, 2018 devsecops

2018 has seen a new breed of dependency scanners come onto the scene. These 'manifest' driven scanners allow for their inclusion into source code control


The Path of DevOps Enlightenment for Infosec

By Derek Weeks on November 20, 2018 Nexus User Conference

Security is in crisis.  Can security, as an industry, rise to the demands of DevOps? Is the DevOps culture able to handle security and all of its baggage?