Skip Navigation
Book a Demo
Book a Demo

Featured Article

Top 10 open source projects hit by HTTP/2 'Rapid Reset' zero-day

By Ax Sharma on October 12, 2023 vulnerability

Discover ten open source packages affected by the HTTP/2 Rapid Reset vulnerability, disclosed by Cloudflare this week

Read More

SHARE:

Sonatype_Blog_Logo_White
READ MORE

How the SEC charges against SolarWinds highlight the cybersecurity liability of software companies

By Jeff Wayman on October 31, 2023 Cybersecurity

5 minute read time

Read about how the Securities and Exchange Commission charged SolarWinds and its chief information security officer for violating federal securities laws
Read More...
READ MORE

White House National Cybersecurity Strategy: Landmark action for a critical threat

By Brian Fox on March 02, 2023 Cybersecurity

5 minute read time

The Biden administration announced a new, historic National Cybersecurity Strategy calling for cybersecurity liability and increased investment.
Read More...
Wrecking ball image
READ MORE

Major government attack highlights how Log4j is still unresolved

By Luke Mcbride on March 11, 2022 vulnerabilities

4 minute read time

Despite all the attention and effort so far this year, this open source vulnerability found a it’s first major victim in multiple U.S. State governments.
Read More...
READ MORE

How Much Should the Federal Government Worry About Log4j?

By Sonatype on December 21, 2021 vulnerabilities

7 minute read time

As the world worries about Log4j exploit, we look at how the US Federal Government is responding - and how worried it should be about this vulnerability.
Read More...
Image of the White House to represent President Biden's 2021 Cybersecurity Executive Order
READ MORE

What Does NIST’s Definition of Critical Software Mean to You?

By Matt Howard on June 28, 2021 government

3 minute read time

NIST's definition of Critical Software in relation to the 2021 Cybersecurity Executive Order may seem broad, but its immediate implementation is limited.
Read More...
Image of the word Zero Trust
READ MORE

How Does Securing the Software Supply Chain Fit the DoD CIO Zero Trust Architecture?

By Sonatype on June 24, 2021 software bill of materials

8 minute read time

Curious how the DoD Zero Trust Architecture relates to secure development and protecting your software supply chain? We're breaking that down for you.
Read More...
image of notebook with checkmarks representing software bill of materials
READ MORE

SBOM – From the Idea of Transparency to the Reality of Code

4 minute read time

Allan Friedman from the NTIA has been working on SBOM standards in government and industry, for years. He spoke at ELEVATE 2021 about their status and future.
Read More...
software supply chain attacks in the federal government
READ MORE

What is Dependency Confusion and Why Does it Matter in the Federal Sector?

By Sonatype on May 21, 2021 government

8 minute read time

Developers in the federal space are not immune from dependency confusion attacks.
Read More...
READ MORE

Katie Arrington discusses making development move at the speed of relevance

By Ryan Schradin on September 14, 2020 government

2 minute read time

Katie Arrington, CISO for the Office of the Under Secretary of Defense for Acquisition, recently discussed DevSecOps in the federal government and how the DoD is tackling key issues.
Read More...