Sonatype Selected by Equifax to Support OS Governance Press Release

Sonatype Blog

Application Security Risk in 2019: It's All About The Supply Chain

By Matt Howard on December 28, 2018 AppSec
Cyber criminals are intentionally planting vulnerabilities directly into the global supply of open source components. Heading into 2019, organizations should learn how to run fast enough to harness

You Can't Manage What You Can't See: Open Source Governance Starts with Visibility

By Derek Weeks on December 17, 2018 open source governance
During the interview, Richard Spires, former CIO at the Internal Revenue Service and now CEO of Learning Tree International, said one of the biggest takeaways from the report is “you can’t protect

Equifax was 100% preventable -- But 18,000 others at risk

By Derek Weeks on December 17, 2018 vulnerabilities
Karpovich reflected on findings from the House report that the breach at Equifax was 100% preventable -- as the vulnerability at the root of the breach was one that had been publicly disclosed days

Three Days of DevSecOps: Lessons from Equifax

By Derek Weeks on September 25, 2018 open source governance
In 2017, one might have considered "three days" to be the new normal for lead time for changes in DevSecOps. In 2018, that window closed to "one second". The adversaries are not only smart, they are