
Sonatype Blog

2018 DevSecOps Community Survey: Automation Races Against Breaches

By Derek Weeks on April 16, 2018 open source governance
New research published today reveals that breaches pinned to open source software components are up 55% year over year. Sonatype's 2018 DevSecOps Community Survey reported that breaches were

Software Liability Gets Real (Global)

By Derek Weeks on February 23, 2018 open source governance
Software liability turns up the volume in France, Germany, the UK, the USA, and the EU in 2018.

Malicious Intent: Open Source Developers, Please Protect Your Users

By Brian Fox on February 14, 2018 software bill of materials
Pay attention to your own digital security as you would if you were protecting millions of others. Malicious code found in npm package conventional-changelog.

DevSecOps Goes Mainstream

By Derek Weeks on January 14, 2018 open source governance
Traditional security techniques using ownership and control rather than trust will not work in the digital world.

Mr. Smith Goes to Washington: Lessons Learned from Equifax in Congress

By Matt Howard on October 03, 2017 open source governance
Perspective on what Rick Smith, former Equifax CEO, will say when he testifies before Congress this week.

Equifax and Struts: An Ounce of Prevention is Worth a Pound of Cure.

By Matt Howard on September 14, 2017 open source governance
The $50 billion question: what, if anything, could Equifax have done differently to prevent the Struts breach from happening?

DevOps and Opportunities in Software Supply Chain Governance

By Wayne Jackson on February 09, 2017 open source governance
Governance has been an evil word for software developers, but new approaches unlock massive gains in productivity, reductions in cost, and improvements in quality.

Government Asks: What’s in Your Software?

Top performing development organizations embrace supply chain management best practices, including use of a Software Bill of Materials (BOM).

An Insider's View: Analyzing Software Supply Chains

The 2016 State of the Software Supply Chain Report reveals the volume of open source component usage and quantifies the presence of known vulnerabilities.