
Sonatype Blog

Malicious Code Injection Strikes Again as npm Foils $13M Cryptocurrency Theft

By Derek Weeks on June 07, 2019 | vulnerabilities
The latest attempt at a cryptocurrency heist demonstrates how open source software components are used throughout the cryptocurrency ecosystem.

Application Security Risk in 2019: It's All About The Supply Chain

By Matt Howard on December 28, 2018 | AppSec
Cyber criminals are intentionally planting vulnerabilities directly into the global supply of open source components. Heading into 2019, organizations should learn how to run fast enough to harness

US Energy and Commerce Committee: 6 Strategies for Modern Cybersecurity Risks

By Ilkka Turunen on December 18, 2018 | software bill of materials
On the 12th of December, the Subcommittee on Oversight and Investigations released an additional report identifying the core strategies organisations can take to address modern cybersecurity risks.

House Oversight Report: Equifax Open Source Breach Was Entirely Preventable

By Matt Howard on December 10, 2018 | devsecops
Equifax is not alone. In the last decade, hundreds, if not thousands, of companies have suffered the exact same, easily preventable, mistake. If you want help eliminating open source