Featured Article

New Design, New Features: Maven Central Improvements for Developers

By Amanda Yeo on March 28, 2023 open source security

Hosted by Sonatype, Maven Central has a refreshed interface and new features to improve the developer experience.

Read More

SHARE:

Sonatype_Blog_Logo_White
READ MORE

Going Online With the OWASP Vulnerability Management Guide Working Group

6 minute read time

The OWASP Vulnerability Management Guide (OVMG) project seeks to simplify vulnerability management into repeatable and scalable cycles.
Read More...
nesa-by-makers-tWjzmNXKup4-unsplash
READ MORE

October is Cyber Security Awareness Month. Developers Are Some of Our Best Guardians.

By Katie McCaskey on October 21, 2019 PCI

3 minute read time

As open source software grows, developers play a crucial role ensuring that cyber security threats are prevented, mitigated, and repaired.
Read More...
GettyImages-1038975072
READ MORE

Software Composition Analysis: A Matter of Perspective (and Experience)

2 minute read time

The SCA market is young - leaving everyone wrestling with a critical question: is it a security-centric, developer-centric, or a legal-centric endeavor? At Sonatype, we believe it's all of the above.
Read More...
2019 Updated-1
READ MORE

Application Security Risk in 2019: It's All About The Supply Chain

By Matt Howard on December 28, 2018 AppSec

5 minute read time

Cyber criminals are intentionally planting vulnerabilities directly into the global supply of open source components. Heading into 2019, organizations should learn how to run fast enough to harness
Read More...
camera
READ MORE

House Oversight Report: Equifax Open Source Breach Was Entirely Preventable

By Matt Howard on December 10, 2018 devsecops

3 minute read time

Equifax is not alone. In the last decade, there have been hundreds, if not thousands, of companies have suffered the exact same, easily preventable, mistake. If you want help eliminating open source
Read More...
GettyImages-1062337336-1
READ MORE

Inevitable:  Earthquakes and Exploits

By Mike Hansen on November 15, 2018 AppSec

3 minute read time

Earthquakes and open source vulnerabilities are both inevitable, unpredictable, and can be catastrophic. Sonatype's Mike Hansen talks about what earthquake preparedness can teach us about open source
Read More...
SON_Survey2018_13
READ MORE

WSJ on Struts: Companies Still Downloading Flaw Linked to Equifax Breach

2 minute read time

The Wall Street Journal discusses open-source governance, Struts and how companies are still downloading the flaw that led to the Equifax Breach
Read More...
READ MORE

Crypto-Mining Crime Rings: The Newest Reason Why Software Supply Chain Hygiene Matters

3 minute read time

There are many reasons why organizations should protect their software supply chains. Crypto-mining crime rings are just the latest.
Read More...
27-SonatypesData.png
READ MORE

DevSecOps and GDPR:  Why Open Source Risk Management Has Never Been More Important

2 minute read time

Modern IT teams must: 1. accelerate innovation by harnessing the power of open source and 2. minimize risk by creating flexible controls to automate compliance.
Read More...