Sonatype Blog

Inevitable: Earthquakes and Exploits

By Mike Hansen on November 15, 2018 AppSec

Nate Silver’s 2012 book “The Signal and The Noise” crisply explains the inevitability of earthquakes and the accuracy with which their frequencies and


What the TPG-led $80M Investment Means for the Future of Sonatype and the DevSecOps Movement

By Wayne Jackson on September 07, 2018 Sonatype

Today, I’m proud to share that TPG Capital has led an $80 million investment in Sonatype; this is an incredibly exciting development for our company.


Deja Vu All Over Again - Another New Apache Struts Vulnerability (CVE-2018-11776)

By Brian Fox on August 23, 2018 Nexus Lifecycle

Another remote code execution vulnerability in Apache’s Struts2 Framework was disclosed late yesterday - leaving many feeling like they’re having Deja Vu.


Learning in the Modern Enterprise – going to DevOps Enterprise Summit London with an open mindset

By Mirco Hering on June 19, 2018 devops

DevOps Enterprise Summit (DOES) London is only days away. I am super excited to participate and share my book - DevOps for the Modern Enterprise - with the


I Am A Serial Cryptominer: An Open Letter to Software Developers

By Hack Overflow on June 14, 2018 Devops

Gluttony: (Latin: gula, derived from the Latin gluttire meaning "to gulp down or swallow") means over-indulgence and over-consumption of food, drink, or


Secure By Design: Preparing for GDPR Should Begin With Software

By Brian Fox on May 10, 2018 data protection

Software is no longer written from scratch -- it’s assembled.


WSJ on Struts: Companies Still Downloading Flaw Linked to Equifax Breach

This morning, Kate Fazzini of The Wall Street Journal wrote an article titled “Companies Still Downloading Flaw that Led to Equifax Breach,” dissecting new