Major Government Attack Highlights How Log4j is Still Unresolved

By Luke Mcbride on March 11, 2022 vulnerabilities

4 minute read time

Despite all the attention and effort so far this year, this open source vulnerability found a it’s first major victim in multiple U.S. State governments.
Read More...

How Much Should the Federal Government Worry About Log4j?

By Jason Nalewak on December 22, 2021 vulnerabilities

7 minute read time

As the world worries about Log4j exploit, we look at how the US Federal Government is responding - and how worried it should be about this vulnerability.
Read More...

What Does NIST’s Definition of Critical Software Mean to You?

By Matt Howard on June 28, 2021 government

3 minute read time

NIST's definition of Critical Software in relation to the 2021 Cybersecurity Executive Order may seem broad, but its immediate implementation is limited.
Read More...

How Does Securing the Software Supply Chain Fit the DoD CIO Zero Trust Architecture?

8 minute read time

Curious how the DoD Zero Trust Architecture relates to secure development and protecting your software supply chain? We're breaking that down for you.
Read More...

SBOM – From the Idea of Transparency to the Reality of Code

4 minute read time

Allan Friedman from the NTIA has been working on SBOM standards in government and industry, for years. He spoke at ELEVATE 2021 about their status and future.
Read More...

What is Dependency Confusion and Why Does it Matter in the Federal Sector?

By Jason Nalewak on May 14, 2021 government

8 minute read time

Developers in the federal space are not immune from dependency confusion attacks. Following Biden's Cybersecurity Executive Order, understanding the attack vector is even more crucial
Read More...

Katie Arrington discusses making development move at the speed of relevance

By Ryan Schradin on September 14, 2020 government

2 minute read time

Katie Arrington, CISO for the Office of the Under Secretary of Defense for Acquisition, recently discussed DevSecOps in the federal government and how the DoD is tackling key issues.
Read More...

NIST: Adopt a Secure Software Development Framework (SSDF) to Mitigate Risk of Software Vulnerabilities

2 minute read time

NIST recommends a SSDF framework to assess open source component cybersecurity risks, including an SBOM and automated security controls in the SDLC.
Read More...

Six Memorable Sessions with Government DevSecOp Leaders: What We Learned

By Jason Green on May 07, 2020 Cybersecurity

4 minute read time

Chris Roberts, Ron Ross, Katie Arrington, Nicolas Chaillan, and Lauren Knausenberger join Sonatype leadership to discuss security trends in the government.
Read More...