Sonatype Selected by Equifax to Support OS Governance Press Release

blog-logo Sonatype Blog

Corrupting the Software Supply Chain: Lessons from the Bootstrap-sass Hack

By Elisa Velarde on April 09, 2019 vulnerability
The boldness of bad actors is escalating in the world of open source software. From the event-stream / NPM incident in November of 2018, to the recent bootstrap-sass / Ruby Gems hack, bad actors are
Read More...

Application Security Risk in 2019: It's All About The Supply Chain

By Matt Howard on December 28, 2018 AppSec
Cyber criminals are intentionally planting vulnerabilities directly into the global supply of open source components. Heading into 2019, organizations should learn how to run fast enough to harness
Read More...

Open Source Software Is Under Attack; New Event-Stream Hack Is Latest Proof

By Brian Fox on November 27, 2018 vulnerabilities
Open source software is under attack, and the malicious attack on the popular npm event-stream 3 package, is just the latest proof.
Read More...