Setting Boundaries: How Procurement Relates to Security (Part 1)

By Michael Griffin on August 24, 2022 News and Views

4 minute read time

Whether your organization calls it purchasing, requisition, bidding, or business operations, not managing what comes into your company can be expensive.

A Clear Path Forward Toward More Secure and Maintainable Open Source Software

By Brian Fox on May 13, 2022 featured

7 minute read time

Sonatype CTO shares thoughts following conversations, led by OpenSSF, where industry and government came together to discuss securing open source software.

Open Source and Diversity in Tech: Women@Sonatype

By Luke Mcbride on March 08, 2022 Women in Tech

8 minute read time

Celebrating International Women's Day (March 8), the Women@Sonatype group discusses community, recruiting, onboarding, inclusion, and beyond.

Why Companies Should Contribute to Open Source – And How to Do It

By Matt Freeland on February 03, 2022 Community

7 minute read time

Your company relies on open source projects; giving back to them can reduce tech debt, accelerate innovation, and reduce your developers’ cognitive load.

A Non-Programmer Introduction to the Software Supply Chain (Electron)

By Luke Mcbride on October 14, 2021 Software Supply Chain

3 minute read time

Connecting the larger use by the software industry of component programs to something most people have on their machine right now: The Electron Framework.

Software Supply Chains: An Introductory Guide

By Luke Mcbride on October 08, 2021 Open Source

8 minute read time

Take a closer look at the software supply chain, including what it contains, why it’s important, and how to protect it from vulnerabilities.

This npm Package Could Have Brought Down Cloudflare’s Entire CDN and Millions of Websites

By Ax Sharma on July 16, 2021 vulnerabilities

5 minute read time

Cloudflare has patched a critical vulnerability in its open source content delivery network, CDNJS, that threatened the security, integrity, and availability of the wider supply chain.

Kaseya Ransomware: A Software Supply Chain Attack or Not?

By Matt Howard on July 06, 2021 vulnerabilities

5 minute read time

As companies scramble to address and resolve this devastating attack, we look at what makes a supply chain and what it takes to address upstream attacks.

What Does NIST’s Definition of Critical Software Mean to You?

By Matt Howard on June 28, 2021 government

3 minute read time

NIST's definition of Critical Software in relation to the 2021 Cybersecurity Executive Order may seem broad, but its immediate implementation is limited.