Sonatype Delivers Premium Open Source Controls to GitHub | Press Release

blog-logo Sonatype Blog

Bryson Koehler, Equifax CTO, Discusses the Road Ahead in Data Security Infrastructure

By Mark Miller on March 23, 2020 vulnerabilities
Equifax is creating a customer driven platform that includes security automation and data privacy, all while building transparency into the process.
Read More...

The “Big Hack” That Actually Happened - Chinese Military Implicated in Equifax Breach

By Matt Howard on February 11, 2020 vulnerabilities
Members of the Chinese Military were implicated in the attack on Equifax's software supply chain. It's time to take software supply chain hygiene seriously.
Read More...

You Can't Manage What You Can't See: Open Source Governance Starts with Visibility

By Derek Weeks on December 17, 2018 open source goveranance
During the interview, Richard Spires, former CIO at the Internal Revenue Service and now CEO of Learning Tree International, said one of the biggest takeaways from the report is “you can’t protect
Read More...

House Oversight Report: Equifax Open Source Breach Was Entirely Preventable

By Matt Howard on December 10, 2018 devsecops
Equifax is not alone. In the last decade, there have been hundreds, if not thousands, of companies have suffered the exact same, easily preventable, mistake. If you want help eliminating open source
Read More...

WSJ on Struts: Companies Still Downloading Flaw Linked to Equifax Breach

The Wall Street Journal discusses open-source governance, Struts and how companies are still downloading the flaw that led to the Equifax Breach
Read More...

2018 DevSecOps Community Survey: Automation Races Against Breaches

By Derek Weeks on April 16, 2018 open source governance
New research published today, reveals that breaches pinned to open source software components are up 55% year over year. Sonatype’s 2018 DevSecOps Community Survey reported that breaches were
Read More...

GDPR and OSS. How Are They Linked and Why Should You Care?

By Ryan Sheldrake on November 29, 2017 Everything Open Source
GDPR and OSS. How are they linked and why should you care?
Read More...

Mr. Smith Goes to Washington: Lessons Learned from Equifax in Congress

By Matt Howard on October 03, 2017 open source governance
Perspective on what Rick Smith, former Equifax CEO, will say today to Congress this week when he testifies.
Read More...

GDPR Compliance? Lessons Learned from Equifax

By Matt Howard on September 22, 2017 Open Source
The lesson from Equifax is simple. Cyber risk management has less to do with perimeter defense, and more to do with open source governance and app hygiene.
Read More...