Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

Cheeseburger Risk: Not for the Faint of Heart

By Derek Weeks on May 20, 2014 Cyber Supply Chain Management and Transparency Act

3 minute read time

If you had a heart attack, would you stop eating cheeseburgers? For most people, the answer is “No”.

Read More...

4 Open Source Components You Need to Update Right Now

By Brian Fox on May 07, 2014 Cyber Supply Chain Management and Transparency Act

8 minute read time

Heartbleed has put the security community on notice: it is time to take a harder look at the security status of open source components and frameworks.

Read More...

Are OpenId and OAuth ‘Bleeding’?

By Ryan Berg on May 07, 2014 openid

4 minute read time

Now that Heartbleed has become the new measuring stick for vulnerability disclosures, I have had several people ask me, “Is this OpenId/Oauth thing the next.

Read More...

Like a Good Holiday, the Verizon Breach Report is Here

By Ryan Berg on May 02, 2014 Sonatype Says

5 minute read time

Like a good holiday the Verizon 2014 Data Breach Investigation Report (DBIR) is something I look forward to every year.

Read More...

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

Cheeseburger Risk: Not for the Faint of Heart

4 Open Source Components You Need to Update Right Now

Are OpenId and OAuth ‘Bleeding’?

Like a Good Holiday, the Verizon Breach Report is Here

Secure your software supply chain

Subscribe for all the latest software security news and events