Sonatype Selected by Equifax to Support OS Governance Press Release

blog-logo Sonatype Blog

How a Software Bill of Materials Uncovers Known Vulnerabilities

In two minutes, we can show you a full software bill of materials for your application. We can also identify any known vulnerabilities in the open source

Read More...

[Part 2] Code, Cars, and Congress: A Time for Cyber Supply Chain Management

On December 4th, 2014, U.S. Congressional Representatives Ed Royce (R-CA) and Lynn Jenkins (R-KS) introduced H.R. 5793, the “Cyber Supply Chain Management

Read More...

Code, Cars, and Congress: A Time for Cyber Supply Chain Management

On December 4th, 2014, U.S. Congressional Representatives Ed Royce (R-CA) and Lynn Jenkins (R-KS) introduced H.R. 5793, the "Cyber Supply Chain Management

Read More...

Talking Turkey in Texas: Open Source Governance Lags

Deep in the heart of Texas, I was leading a panel discussion at the Lone Star Application Security Conference (LASCON) a few weeks ago. The panel was “

Read More...

CIO.com: Helping Developers Reduce Open Source Risk

Last week, CIO.com shared a story of an inflection point in application security. Lucian Constantin discussed how there needs to be a shift from manual

Read More...

Bash 2014 - This Is Not a Party

I can honestly say that although referred to by the media as Shellshocked, I am neither shocked nor awed.

I can’t say that I am a fan of the latest

Read More...

Skeleton Key

A skeleton key is capable of opening any lock regardless of make or type. Do you know anyone who has one? I do. Lots of them.

Read More...