Sonatype Selected by Equifax to Support OS Governance Press Release

Sonatype Blog

Three Days of DevSecOps: Lessons from Equifax

By Derek Weeks on September 25, 2018 open source governance
In 2017, one might have considered "three days" to be the new normal for lead time for changes in DevSecOps. In 2018, that window closed to "one second". The adversaries are not only smart, they are
2018 DevSecOps Community Survey: Automation Races Against Breaches

By Derek Weeks on April 16, 2018 open source governance
New research published today reveals that breaches pinned to open source software components are up 55% year over year. Sonatype’s 2018 DevSecOps Community Survey reported that breaches were
Software Liability Gets Real (Global)

By Derek Weeks on February 23, 2018 open source governance
Software liability turns up the volume in France, Germany, the UK, the USA, and the EU in 2018.
Malicious Intent: Open Source Developers, Please Protect Your Users

By Brian Fox on February 14, 2018 software bill of materials
Pay attention to your own digital security as you would if you were protecting millions of others. Malicious code was found in the npm package conventional-changelog.
DevSecOps Goes Mainstream

By Derek Weeks on January 14, 2018 open source governance
Traditional security techniques using ownership and control rather than trust will not work in the digital world.
Mr. Smith Goes to Washington: Lessons Learned from Equifax in Congress

By Matt Howard on October 03, 2017 open source governance
Perspective on what Rick Smith, former Equifax CEO, will say to Congress this week when he testifies.
Equifax and Struts: An Ounce of Prevention is Worth a Pound of Cure.

By Matt Howard on September 14, 2017 open source governance
This raises a $50 billion question: what, if anything, could Equifax have done differently to prevent the Struts breach from happening?
DevOps and Opportunities in Software Supply Chain Governance

By Wayne Jackson on February 09, 2017 open source governance
Governance has been an evil word for software developers, but new approaches unlock massive gains in productivity, reductions in cost, and improvements in quality.
Government Asks: What’s in Your Software?

Top performing development organizations embrace supply chain management best practices, including use of a Software Bill of Materials (BOM).