What We Learned from Studying 36,000 OSS Projects | Press Release

Sonatype Blog

October is Cyber Security Awareness Month. Developers Are Some of Our Best Guardians.

By Katie McCaskey on October 21, 2019 | PCI
As open source software grows, developers play a crucial role ensuring that cyber security threats are prevented, mitigated, and repaired.

Software Composition Analysis: A Matter of Perspective (and Experience)

The SCA market is young - leaving everyone wrestling with a critical question: is it a security-centric, developer-centric, or a legal-centric endeavor? At Sonatype, we believe it's all of the above.

Application Security Risk in 2019: It's All About The Supply Chain

By Matt Howard on December 28, 2018 | AppSec
Cyber criminals are intentionally planting vulnerabilities directly into the global supply of open source components. Heading into 2019, organizations should learn how to run fast enough to harness

House Oversight Report: Equifax Open Source Breach Was Entirely Preventable

By Matt Howard on December 10, 2018 | DevSecOps
Equifax is not alone. In the last decade, hundreds, if not thousands, of companies have suffered the exact same, easily preventable, mistake. If you want help eliminating open source

Inevitable: Earthquakes and Exploits

By Mike Hansen on November 15, 2018 | AppSec
Earthquakes and open source vulnerabilities are both inevitable, unpredictable, and can be catastrophic. Sonatype's Mike Hansen talks about what earthquake preparedness can teach us about open source

WSJ on Struts: Companies Still Downloading Flaw Linked to Equifax Breach

The Wall Street Journal discusses open-source governance, Struts, and how companies are still downloading the flawed component that led to the Equifax breach.

Crypto-Mining Crime Rings: The Newest Reason Why Software Supply Chain Hygiene Matters

There are many reasons why organizations should protect their software supply chains. Crypto-mining crime rings are just the latest.

DevSecOps and GDPR: Why Open Source Risk Management Has Never Been More Important

Modern IT teams must: 1. accelerate innovation by harnessing the power of open source and 2. minimize risk by creating flexible controls to automate compliance.