Sonatype Selected by Equifax to Support OS Governance Press Release

Sonatype Blog

You Can't Manage What You Can't See: Open Source Governance Starts with Visibility

By Derek Weeks on December 17, 2018 open source governance
During the interview, Richard Spires, former CIO at the Internal Revenue Service and now CEO of Learning Tree International, said one of the biggest takeaways from the report is “you can’t protect

House Oversight Report: Equifax Open Source Breach Was Entirely Preventable

By Matt Howard on December 10, 2018 devsecops
Equifax is not alone. In the last decade, hundreds, if not thousands, of companies have suffered the exact same, easily preventable, mistake. If you want help eliminating open source

WSJ on Struts: Companies Still Downloading Flaw Linked to Equifax Breach

The Wall Street Journal discusses open-source governance, Struts and how companies are still downloading the flaw that led to the Equifax Breach

2018 DevSecOps Community Survey: Automation Races Against Breaches

By Derek Weeks on April 16, 2018 open source governance
New research published today reveals that breaches pinned to open source software components are up 55% year over year. Sonatype’s 2018 DevSecOps Community Survey reported that breaches were

GDPR and OSS. How are they linked and why should you care?

By Ryan Sheldrake on November 29, 2017 #OSSsecurity

Mr. Smith Goes to Washington: Lessons Learned from Equifax in Congress

By Matt Howard on October 03, 2017 open source governance
Perspective on what Rick Smith, former Equifax CEO, will say today to Congress this week when he testifies.

GDPR Compliance? Lessons Learned from Equifax

By Matt Howard on September 22, 2017 Open Source
The lesson from Equifax is simple. Cyber risk management has less to do with perimeter defense, and more to do with open source governance and app hygiene.

Insecure at Any Speed

By Mike Hansen on September 18, 2017 Open Source
Because of the pervasive use of open source software and the poor open source security practices, bad actors simply lie in wait for opportunity to knock.

Equifax and Struts: An Ounce of Prevention is Worth a Pound of Cure.

By Matt Howard on September 14, 2017 open source governance
A $50 billion dollar question is begged. What, if anything, could Equifax have done differently to prevent the Struts breach from happening?