Sonatype Selected by Equifax to Support OS Governance Press Release

blog-logo Sonatype Blog

Anatomy of the RubyGems ‘rest-client’ hack, and getting creative about open source security

By Brian Fox on August 23, 2019 open source security
Last month, the RubyGems strong_password component was breached and injected with malicious code. This is only the latest example of bad actors attacking developers at the source.
Read More...

Activate Your Shield Against Open Source Invasions

By Katie McCaskey on August 09, 2019 open source management
Mike Van Doren, Sonatype Solution Architect, identifies the infinity stones that grant superpowers in the Nexus ecosystem.
Read More...

NIST Proposes Standards to Secure Government SDLC

NIST has proposed a set of standards to address the growing need for better software security. Public comment is open until August 5, 2019.
Read More...

Top 5 Tomcat Vulnerabilities

By Sylvia Fronczak on June 12, 2019 vulnerability
If you spend time monitoring and patching OSS projects, you know Tomcat has some vulnerabilities. Today, Tomitribe walked us through 5 of those vulnerabilities.
Read More...

Malicious Attacks On Open Source Are Going to Get Worse: Developers Need to Take Notice

By Sonal Thawani on April 19, 2019 vulnerability
Bad actors have recognized the power of open source and are now beginning to create their own attack opportunities. This new form of assault, allowing hackers to poison the well, is going to get
Read More...

Operating Without an OSS License? That Could Be Dangerous!

By Derek Weeks on April 17, 2019 Nexus Lifecycle
The intent of OSS licensing is to to make sure software can remain open source and freely used. But, some licenses contain requirements that could conflict with your business objectives - it's
Read More...

Sonatype and HackerOne eliminate the pain of reporting open source software vulnerabilities

By Bruce Mayhew on March 21, 2019 Everything Open Source
Sonatype has teamed up with HackerOne to build The Central Security Project, a pioneering program that brings together the ethical hacker and open source communities to streamline the process for
Read More...

Vor Security brings OSS Index to Sonatype

By Brian Fox on June 29, 2017 vulnerability
Vor Security acquisition, extended language coverage, ossindex.net
Read More...

[Part 3] Code, Cars, and Congress: A Time for Cyber Supply Chain Management

[Part 3] Code, Cars, and Congress: A Time for Cyber Supply Chain Management
Read More...