Critical New 0-day Vulnerability in Popular Log4j Library Discovered | Read Blog

Featured Article

PyPI Flooded with 1,275 Dependency Confusion Packages

By Ax Sharma on January 24, 2022 vulnerabilities

Popular Python open source software repository, PyPI has been flooded with over 1,200 dependency confusion packages by the same actor.

Read More...

SHARE:

Sonatype_Blog_Logo_White
READ MORE

How Much Should the Federal Government Worry About Log4j?

By Jason Nalewak on December 22, 2021 vulnerabilities
As the world worries about Log4j exploit, we look at how the US Federal Government is responding - and how worried it should be about this vulnerability.
Read More...
Image of the White House to represent President Biden's 2021 Cybersecurity Executive Order
READ MORE

What Does NIST’s Definition of Critical Software Mean to You?

By Matt Howard on June 28, 2021 government
NIST's definition of Critical Software in relation to the 2021 Cybersecurity Executive Order may seem broad, but its immediate implementation is limited.
Read More...
Image of the word Zero Trust
READ MORE

How Does Securing the Software Supply Chain Fit the DoD CIO Zero Trust Architecture?

Curious how the DoD Zero Trust Architecture relates to secure development and protecting your software supply chain? We're breaking that down for you.
Read More...
image of notebook with checkmarks representing software bill of materials
READ MORE

SBOM – From the Idea of Transparency to the Reality of Code

Allan Friedman from the NTIA has been working on SBOM standards in government and industry, for years. He spoke at ELEVATE 2021 about their status and future.
Read More...
software supply chain attacks in the federal government
READ MORE

What is Dependency Confusion and Why Does it Matter in the Federal Sector?

By Jason Nalewak on May 14, 2021 government
Developers in the federal space are not immune from dependency confusion attacks. Following Biden's Cybersecurity Executive Order, understanding the attack vector is even more crucial
Read More...
READ MORE

Katie Arrington discusses making development move at the speed of relevance

By Ryan Schradin on September 14, 2020 government
Katie Arrington, CISO for the Office of the Under Secretary of Defense for Acquisition, recently discussed DevSecOps in the federal government and how the DoD is tackling key issues.
Read More...
READ MORE

NIST: Adopt a Secure Software Development Framework (SSDF) to Mitigate Risk of Software Vulnerabilities

NIST recommends a SSDF framework to assess open source component cybersecurity risks, including an SBOM and automated security controls in the SDLC.
Read More...
government leaders
READ MORE

Six Memorable Sessions with Government DevSecOp Leaders: What We Learned

By Jason Green on May 07, 2020 Cybersecurity
Chris Roberts, Ron Ross, Katie Arrington, Nicolas Chaillan, and Lauren Knausenberger join Sonatype leadership to discuss security trends in the government.
Read More...
READ MORE

Federal DevSecOps Leaders: It's Time to Join The Conversation

The DevSecOps Government Leadership Forum, typically hosted in Washington, D.C., will be hosted online so government leaders everywhere can participate.
Read More...
Twitter LinkedIn Facebook YouTube GitHub
Products
Free Tools
Solutions
Resources
Customer Portal
Company
SON_logo_white@2x copy trimmed

Sonatype Headquarters - 8161 Maple Lawn Blvd #250, Fulton, MD 20759

Tysons Office - 8281 Greensboro Drive – Suite 630, McLean, VA 22102

Australia Office - 60 Martin Place Level 1, Sydney, NSW 2000, Australia

London Office -168 Shoreditch High Street, E1 6HU London

Copyright © 2008-present, Sonatype Inc. All rights reserved. Includes the third-party code listed here. Sonatype and Sonatype Nexus are trademarks of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation. All other trademarks are the property of their respective owners.

Terms of Service    Privacy Policy    Event Terms and Conditions   Do Not Sell My Personal Information