Sonatype Selected by Equifax to Support OS Governance Press Release

Sonatype Blog

Application Security Risk in 2019: It's All About The Supply Chain

It’s that time of year again – time to reminisce on the past year and prepare our organizations to tackle the opportunities and challenges that lie ahead in


House Oversight Report: Equifax Open Source Breach Was Entirely Preventable

By Matt Howard on December 10, 2018 equifax

This afternoon, the House Oversight Committee issued a report stating that the Equifax breach was entirely preventable with basic open source security

Inevitable: Earthquakes and Exploits

By Mike Hansen on November 15, 2018 AppSec

Nate Silver’s 2012 book “The Signal and The Noise” crisply explains the inevitability of earthquakes and the accuracy with which their frequencies and


WSJ on Struts: Companies Still Downloading Flaw Linked to Equifax Breach

By Elissa Walters on May 09, 2018 devsecops

This morning, Kate Fazzini of The Wall Street Journal wrote an article titled “Companies Still Downloading Flaw that Led to Equifax Breach,” dissecting new


Crypto-Mining Crime Rings: The Newest Reason Why Software Supply Chain Hygiene Matters

By Matt Howard on March 07, 2018 remote code execution

Mining for crypto currencies can make you some serious coin.