
New Year, New CVE: a Deep Dive into the ‘node-forge’ (CVE-2022-0122)

By Juan Aguirre on January 25, 2022 vulnerabilities
There's no better way to kick off the new year than with an analysis of an open source vulnerability affecting the popular node-forge component on npm.

'Faker' npm Library Gets New Home After Dev Throws in the Towel

By Ax Sharma on January 18, 2022 npm
Reputable maintainers have taken over the popular (and crucial) open source component "Faker", and it's already seeing traction.

Helping The Open Source Community Find, Fix, and Remediate Log4j

By Ilkka Turunen on December 15, 2021 vulnerabilities
Assistance to protect the software supply chain from Log4j and other logging vulnerabilities. Open source intel, Pull Request Protection, SBOMs, and more.

Prioritizing Open Source Vulnerabilities: Is Reachability Useful?

By Stephen Magill on December 06, 2021 Open Source
Good software composition analysis (SCA) can reduce open source risk, but poor results slow development. Can prioritization based on reachability help?

How to Protect Yourself Against Trojan Source Unicode Attacks with Nexus Firewall

By Chris Good on December 03, 2021 Nexus Firewall
A new kind of attack, Trojan Source, hides vulnerabilities in plain sight of open source code. Protect your development teams with Nexus Firewall.

New Nexus Firewall Release with Developer-First Enhancements

By Chris Good on November 16, 2021 Nexus Firewall
With increasing attacks targeting developers, Sonatype’s new Nexus Firewall features improve application security and developer productivity.

Software Supply Chains: an Introductory Guide

By Luke Mcbride on October 08, 2021 Open Source
Take a closer look at the software supply chain, including what it contains, why it’s important, and how to protect it from vulnerabilities.

Apache Servers Actively Exploited in the Wild, and the Importance of Prompt Patching

By Ax Sharma on October 05, 2021 vulnerabilities
A new Apache vulnerability exploited in the wild is the result of incomplete path normalization logic.

What is a Software Bill of Materials (SBOM)?

By Justin Reynolds on September 27, 2021 software bill of materials
A deep dive into a Software Bill of Materials with top use cases, benefits, and ways to manage.