NVD overload: Unveiling a hidden crisis in vulnerability management

By Aaron Linskens on March 15, 2024 vulnerabilities

5 minute read time

Learn about a critical yet underreported issue in the National Vulnerability Database (NVD) that could have global impact for cybersecurity infrastructure

Secure Software Development Attestation Form: Sonatype helps you comply

6 minute read time

The CISA Secure Software Development Attestation Form sets cybersecurity standards for US Federal agency software purchases. Learn how Sonatype helps you comply with SSDF guidelines.

A demand for real consequences: Sonatype's response to CISA's Secure by Design

By Brian Fox on February 23, 2024 thought leaders

7 minute read time

Sonatype's founder and CTO Brian Fox discusses more stringent enforcement mechanisms to encourage wider adoption of secure development practices

OpenSSF responds to CISA, advocates for a multifaceted approach to software identification

By Aaron Linskens on December 18, 2023 government

5 minute read time

OpenSSF published a response to CISA's request for comment on their white paper about software identification

How the SEC charges against SolarWinds highlight the cybersecurity liability of software companies

By Jeff Wayman on October 31, 2023 Cybersecurity

5 minute read time

Read about how the Securities and Exchange Commission charged SolarWinds and its chief information security officer for violating federal securities laws

White House National Cybersecurity Strategy: Landmark action for a critical threat

By Brian Fox on March 02, 2023 Cybersecurity

5 minute read time

The Biden administration announced a new, historic National Cybersecurity Strategy calling for cybersecurity liability and increased investment.

Major government attack highlights how Log4j is still unresolved

By Luke Mcbride on March 11, 2022 vulnerabilities

4 minute read time

Despite all the attention and effort so far this year, this open source vulnerability found its first major victim in multiple U.S. State governments.

How much should the federal government worry about Log4j?

By Sonatype on December 21, 2021 vulnerabilities

7 minute read time

As the world worries about the Log4j exploit, we look at how the US Federal Government is responding - and how worried it should be about this vulnerability.

What does NIST's definition of critical software mean to you?

By Matt Howard on June 28, 2021 government

3 minute read time

NIST's definition of Critical Software in relation to the 2021 Cybersecurity Executive Order may seem broad, but its immediate implementation is limited.