Sonatype Selected by Equifax to Support OS Governance Press Release


Three Days of DevSecOps: Lessons from Equifax

By Derek Weeks on September 25, 2018 devsecops

Three days in March 2017 continuously come up in DevSecOps conversations I am having with friends across the community. While most people tie the three days


2018 DevSecOps Community Survey: Automation Races Against Breaches

By Derek Weeks on April 16, 2018 devsecops

As the world witnessed record breaches in 2017, leading IT teams were integrating and automating more security practices throughout the software development 


Software Liability Gets Real (Global)

By Derek Weeks on February 23, 2018 Software Liability

This month, France turned up the conversation on software liability for manufacturers who place known defective software components in their products. But,


Malicious Intent: Open Source Developers, Please Protect Your Users

By Brian Fox on February 14, 2018 open source policies

For the second time in as many weeks we’re seeing the fallout of missteps taken by publishers of open source components. It was just last week that I wrote


DevSecOps Goes Mainstream

By Derek Weeks on January 14, 2018 devsecops

Gartner recently posted their Top 10 Strategic Technology Trends for 2018 and DevSecOps practices made the list.

Here's what they said, "Traditional


Mr. Smith Goes to Washington: Lessons Learned from Equifax in Congress

By Matt Howard on October 03, 2017 equifax

This article published yesterday in Gizmodo, and this one published this morning in the Wall Street Journal, shed light on what Rick Smith, former Equifax


Equifax and Struts: An Ounce of Prevention is Worth a Pound of Cure.

By Matt Howard on September 14, 2017 equifax

Last week Equifax announced that it had suffered a massive security breach that exposed Social Security numbers and addresses of up to 143 million


DevOps and Opportunities in Software Supply Chain Governance

By Wayne Jackson on February 09, 2017 open source governance

Governance has been an evil word for software developers, but new approaches unlock massive gains in productivity, reductions in cost, and improvements in


Government Asks: What’s in Your Software?

By Derek Weeks on July 29, 2016 DevOpsSec

U.S. Government pays closer attention to software components

Multiple agencies across the U.S. government are paying closer attention to the software they