Three Days of DevSecOps: Lessons from Equifax

By Derek Weeks on September 25, 2018 open source governance

2 minute read time

In 2017, one might have considered "three days" to be the new normal for lead time for changes in DevSecOps. In 2018, that window closed to "one second". The adversaries are not only smart, they are

2018 DevSecOps Community Survey: Automation Races Against Breaches

By Derek Weeks on April 16, 2018 open source governance

3 minute read time

New research published today reveals that breaches pinned to open source software components are up 55% year over year. Sonatype’s 2018 DevSecOps Community Survey reported that breaches were

Software Liability Gets Real (Global)

By Derek Weeks on February 23, 2018 open source governance

5 minute read time

Software liability turns up the volume in France, Germany, the UK, the USA, and the EU in 2018.

Malicious Intent: Open Source Developers, Please Protect Your Users

By Brian Fox on February 14, 2018 software bill of materials

1 minute read time

Pay attention to your own digital security as you would if you were protecting millions of others. Malicious code found in npm package conventional-changelog.

DevSecOps Goes Mainstream

By Derek Weeks on January 14, 2018 open source governance

1 minute read time

Traditional security techniques using ownership and control rather than trust will not work in the digital world.

Mr. Smith Goes to Washington: Lessons Learned from Equifax in Congress

By Matt Howard on October 03, 2017 open source governance

2 minute read time

Perspective on what Rick Smith, former Equifax CEO, will say to Congress this week when he testifies.

Equifax and Struts: An Ounce of Prevention is Worth a Pound of Cure.

By Matt Howard on September 14, 2017 open source governance

3 minute read time

This begs a $50 billion question: what, if anything, could Equifax have done differently to prevent the Struts breach from happening?

DevOps and Opportunities in Software Supply Chain Governance

By Wayne Jackson on February 09, 2017 open source governance

4 minute read time

Governance has been an evil word for software developers, but new approaches unlock massive gains in productivity, reductions in cost, and improvements in quality.

Government Asks: What’s in Your Software?

5 minute read time

Top performing development organizations embrace supply chain management best practices, including use of a Software Bill of Materials (BOM).