Sonatype Selected by Equifax to Support OS Governance Press Release

blog-logo Sonatype Blog

Development Velocity Is a Surprisingly Good Thing, Says Researchers

By Katie McCaskey on August 13, 2019 open source governance
Organizations with DevOps culture produce high frequency release schedules and stronger MTTU (mean time to update) response scores, to the benefit of all.
Read More...

What Toyota Unlocked Decades Ago Drives Software Supply Chain Management Today

By Katie McCaskey on August 05, 2019 open source governance
Toyota developed a vehicle production framework, still in use today, that shapes contemporary software supply chain management, too.
Read More...

A World of Infinite Choice in Open Source Software

The 2019 Software Supply Chain Report explains the development environment we're all living in and what we can learn from exemplar dev teams.
Read More...

Three Days of DevSecOps: Lessons from Equifax

By Derek Weeks on September 25, 2018 open source governance
In 2017, one might have considered "three days" to be the new normal for lead time for changes in DevSecOps. In 2018, that window closed to "one second". The adversaries are not only smart, they are
Read More...

2018 DevSecOps Community Survey: Automation Races Against Breaches

By Derek Weeks on April 16, 2018 open source governance
New research published today, reveals that breaches pinned to open source software components are up 55% year over year. Sonatype’s 2018 DevSecOps Community Survey reported that breaches were
Read More...

Software Liability Gets Real (Global)

By Derek Weeks on February 23, 2018 open source governance
Software liability turns up the volume in France, Germany, the UK, the USA, and the EU in 2018.
Read More...

Malicious Intent: Open Source Developers, Please Protect Your Users

By Brian Fox on February 14, 2018 software bill of materials
Pay attention to your own digital security as you would if you were protecting millions of others. Malicious code found in npm package conventional-changelog.
Read More...

DevSecOps Goes Mainstream

By Derek Weeks on January 14, 2018 open source governance
Traditional security techniques using ownership and control rather than trust will not work in the digital world.
Read More...

Mr. Smith Goes to Washington: Lessons Learned from Equifax in Congress

By Matt Howard on October 03, 2017 open source governance
Perspective on what Rick Smith, former Equifax CEO, will say today to Congress this week when he testifies.
Read More...