Sonatype Unveils Full-Spectrum Software Supply Chain Management | Press Release

Breaking Organizational Silos for Better Application Security

By Phil Vuollet on July 08, 2021 AppSec
Security depends on collaboration and communication. Our recent Elevate talk breaks down pillars, structure, and suggestions for organizational silos.
Read More...

Kaseya Ransomware: a Software Supply Chain Attack or Not?

By Matt Howard on July 06, 2021 vulnerabilities
As companies scramble to address and resolve this devastating attack, we look at what makes a supply chain and what it takes to address upstream attacks.
Read More...

What Does NIST’s Definition of Critical Software Mean to You?

By Matt Howard on June 28, 2021 government
NIST's definition of Critical Software in relation to the 2021 Cybersecurity Executive Order may seem broad, but its immediate implementation is limited.
Read More...

Sonatype Launches Customer-Focused Program, Sonatype Innovate

By Maura Harwood on June 17, 2021 News and Views
Say hello to Sonatype Innovate—a program designed for innovators within the Sonatype community to collaborate, grow and learn from each other.
Read More...

Are You Still Wondering About Dependency Confusion Attacks?

By Luke Mcbride on June 03, 2021 featured
Despite positive legislation and standards, open source software supply chains remain vulnerable to Dependency Confusion attacks by impersonating legitimate namespace.
Read More...

UK Government to Step Up Supply Chain Security following US Presidential Executive Order on Cybersecurity

By Ax Sharma on May 21, 2021 featured
2021 is becoming the year of software supply chain security. In less than two weeks, both the US and UK governments made moves to step up their cybersecurity game.
Read More...

Biden’s Cybersecurity Executive Order: Everything You Need to Know You Learned in Kindergarten

By Matt Howard on May 18, 2021 featured
Biden's Cybersecurity Executive Order, set to change secure development processes in the US, is actually quite simple to understand. You just have to go back to kindergarten.
Read More...

What is Dependency Confusion and Why Does it Matter in the Federal Sector?

By Jason Nalewak on May 14, 2021 government
Developers in the federal space are not immune from dependency confusion attacks. Following Biden's Cybersecurity Executive Order, understanding the attack vector is even more crucial
Read More...

Biden Executive Order on Cybersecurity Calls for Enhanced Software Supply Chain Security

Biden's Cybersecurity Executive Order mandates software supply chain security and secure development practices, including creating a software bill of materials for all applications.
Read More...