The shifting landscape of open source supply chain attacks - Part 2

By Brian Fox on January 25, 2023 thought leaders

11 minute read time

Sonatype's Brian Fox delves into how bad actors and cybercriminals are attacking the software supply chain, and how cyberattacks continue to evolve.
Read More...

Best practices in dependency management: Cooking a meal of gourmet code

5 minute read time

Close to 85% of every application is open source software. Better understanding your software supply chain starts with understanding dependency management.
Read More...

What do Log4Shell and a global pandemic have in common?

By Theresa Mammarella on November 15, 2022 AppSec

4 minute read time

A look at development through the lens of weddings, including long-term planning, contingencies, and disasters. A video talk from this years DEVOXX.
Read More...

The no-fix mediums? Not having a high priority doesn’t mean low danger

By Luke Mcbride on October 31, 2022 vulnerabilities

5 minute read time

An ongoing weak link in the software supply chain is vulnerable software – are you being proactive or just putting out fires?
Read More...

Weaponizing open source through job recruiting

By Ilkka Turunen on October 03, 2022 News

7 minute read time

There have been troubling new reports of threat actors weaponizing open source to target employee machines at technology companies, governments, and more.
Read More...

Despite what some vendors say, please don't ignore Log4j

By Stephen Magill on September 26, 2022 vulnerabilities

5 minute read time

Ignoring Log4j and recommending that high-risk open source vulnerabilities be left in application code isn't just irresponsible, it's dangerous.
Read More...

Major government attack highlights how Log4j is still unresolved

By Luke Mcbride on March 11, 2022 vulnerabilities

4 minute read time

Despite all the attention and effort so far this year, this open source vulnerability found a it’s first major victim in multiple U.S. State governments.
Read More...

Java serialization - The gift that keeps on taking (Part 1)

By Steve Poole on March 11, 2022 java

6 minute read time

Log4Shell impels us to review the reasons Java needs serialisation, how to use it safely, and what other options exist. Here in part 1, we examine design.
Read More...

Wicked Good Development Episode 1: Cybersecurity experts talk Log4j, open source and more

By Kadi Grigg on February 04, 2022 Everything Open Source

34 minute read time

3 experts with different views on the world of software talk about the latest in development news. Today's episode: Log4j, White house and Open Source
Read More...