A Clear Path Forward Toward More Secure and Maintainable Open Source Software

By Brian Fox on May 13, 2022 featured

7 minute read time

Sonatype CTO shares thoughts following conversations, led by OpenSSF, where industry and government came together to discuss securing open source software.

Major Government Attack Highlights How Log4j is Still Unresolved

By Luke Mcbride on March 11, 2022 vulnerabilities

4 minute read time

Despite all the attention and effort so far this year, this open source vulnerability found its first major victim in multiple U.S. state governments.

Open source and diversity in tech: Women@Sonatype

By Luke Mcbride on March 08, 2022 Women in Tech

8 minute read time

Celebrating International Women's Day (March 8), the Women@Sonatype group discusses community, recruiting, onboarding, inclusion, and beyond.

A Decade as a Woman in Cybersecurity: What I Wish I Had Known

By Ankita Lamba on March 08, 2022 featured

4 minute read time

Navigating the cybersecurity industry as a woman can be hard. In honor of International Women's Day, Ankita Lamba shares what she wishes she had known when entering the industry 10 years ago.

Wicked Good Development - Starting Security Left

By Kadi Grigg on February 18, 2022 Everything Open Source

24 minute read time

In today's episode of Wicked Good Development we're tackling the ongoing discussion about shifting security left - on how developers can become empowered.

Why are Dependency Confusion Attacks Not Going Away?

By Ax Sharma on February 09, 2022 dependencies

4 minute read time

Sonatype has caught more than 63,000 suspicious packages, the majority of which are dependency confusion candidates. Why are these attacks not going away?

Wicked Good Development - Cybersecurity Experts Talk Log4J, Open Source and More

By Kadi Grigg on February 04, 2022 Everything Open Source

34 minute read time

3 experts with different views on the world of software talk about the latest in development news. Today's episode: Log4j, the White House, and open source.

A Cause for Celebration: Reaching $100 M in ARR and Welcoming Our First President

By Wayne Jackson on January 27, 2022 featured

3 minute read time

Sonatype reaches pivotal revenue milestone and welcomes its first president.

FTC Warning in Wake of Log4j: Secure Your Software Supply Chain

By Andrew Yorra on January 06, 2022 legal

3 minute read time

Organizations not addressing Log4Shell issues are looking at more than downtime or reputation damage. U.S. regulators are considering lawsuits to enforce security.