Featured Article

CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma

By Ilkka Turunen on April 01, 2024 Software Supply Chain

Learn about a new, targeted backdoor supply chain attack against the popular XZ compression utility seen in many Linux distributions such as fedora and debian. Understand its impact, potential risks

Read More

SHARE:

Sonatype_Blog_Logo_White
Image of the White House to represent President Biden's 2021 Cybersecurity Executive Order
READ MORE

What does NIST's definition of critical software mean to you?

By Matt Howard on June 28, 2021 government

3 minute read time

NIST's definition of Critical Software in relation to the 2021 Cybersecurity Executive Order may seem broad, but its immediate implementation is limited.
Read More...
Image of the word Zero Trust
READ MORE

How does securing the software supply chain fit the DoD CIO zero trust architecture?

By Sonatype on June 24, 2021 software bill of materials

8 minute read time

Curious how the DoD Zero Trust Architecture relates to secure development and protecting your software supply chain? We're breaking that down for you.
Read More...
image of notebook with checkmarks representing software bill of materials
READ MORE

SBOM – From the idea of transparency to the reality of code

4 minute read time

Allan Friedman from the NTIA has been working on SBOM standards in government and industry, for years. He spoke at ELEVATE 2021 about their status and future.
Read More...
software supply chain attacks in the federal government
READ MORE

What is dependency confusion and why does it matter in the federal sector?

By Sonatype on May 21, 2021 government

8 minute read time

Developers in the federal space are not immune from dependency confusion attacks.
Read More...
READ MORE

Katie Arrington discusses making development move at the speed of relevance

By Ryan Schradin on September 14, 2020 government

3 minute read time

Katie Arrington, CISO for the Office of the Under Secretary of Defense for Acquisition, recently discussed DevSecOps in the federal government and how the DoD is tackling key issues.
Read More...
READ MORE

NIST: Adopt a Secure Software Development Framework (SSDF) to mitigate risk of software vulnerabilities

2 minute read time

NIST recommends a SSDF framework to assess open source component cybersecurity risks, including an SBOM and automated security controls in the SDLC.
Read More...
government leaders
READ MORE

Six Memorable Sessions With Government DevSecOp Leaders: What We Learned

By Jason Green on May 07, 2020 Cybersecurity

4 minute read time

Chris Roberts, Ron Ross, Katie Arrington, Nicolas Chaillan, and Lauren Knausenberger join Sonatype leadership to discuss security trends in the government.
Read More...
READ MORE

Federal DevSecOps Leaders: It's Time to Join The Conversation

3 minute read time

The DevSecOps Government Leadership Forum, typically hosted in Washington, D.C., will be hosted online so government leaders everywhere can participate.
Read More...
fighter jet
READ MORE

Department of Defense DevSecOps Journey

By Sylvia Fronczak on March 30, 2020 government

3 minute read time

The DevSecOps stack is open source and open to the public. Everything is infrastructure as code and can run on any environment, leveraging Kubernetes.
Read More...