Going online with the OWASP Vulnerability Management Guide Working Group

6 minute read time

The OWASP Vulnerability Management Guide (OVMG) project seeks to simplify vulnerability management into repeatable and scalable cycles.
Read More...

October is Cyber Security Awareness Month. Developers Are Some of Our Best Guardians.

By Katie McCaskey on October 21, 2019 PCI

3 minute read time

As open source software grows, developers play a crucial role ensuring that cyber security threats are prevented, mitigated, and repaired.
Read More...

Software Composition Analysis: A Matter of Perspective (and Experience)

2 minute read time

The SCA market is young - leaving everyone wrestling with a critical question: is it a security-centric, developer-centric, or a legal-centric endeavor? At Sonatype, we believe it's all of the above.
Read More...

Application Security Risk in 2019: It's All About The Supply Chain

By Matt Howard on December 28, 2018 AppSec

5 minute read time

Cyber criminals are intentionally planting vulnerabilities directly into the global supply of open source components. Heading into 2019, organizations should learn how to run fast enough to harness
Read More...

House Oversight Report: Equifax Open Source Breach Was Entirely Preventable

By Matt Howard on December 10, 2018 devsecops

3 minute read time

Equifax is not alone. In the last decade, hundreds, if not thousands, of companies have suffered from the exact same, easily preventable mistake. If you want help eliminating open source
Read More...

Inevitable: Earthquakes and Exploits

By Mike Hansen on November 15, 2018 AppSec

3 minute read time

Earthquakes and open source vulnerabilities are both inevitable, unpredictable, and can be catastrophic. Sonatype's Mike Hansen talks about what earthquake preparedness can teach us about open source
Read More...

WSJ on Struts: Companies Still Downloading Flaw Linked to Equifax Breach

2 minute read time

The Wall Street Journal discusses open-source governance, Struts and how companies are still downloading the flaw that led to the Equifax Breach
Read More...

Crypto-Mining Crime Rings: The Newest Reason Why Software Supply Chain Hygiene Matters

3 minute read time

There are many reasons why organizations should protect their software supply chains. Crypto-mining crime rings are just the latest.
Read More...

DevSecOps and GDPR: Why Open Source Risk Management Has Never Been More Important

2 minute read time

Modern IT teams must: 1. accelerate innovation by harnessing the power of open source and 2. minimize risk by creating flexible controls to automate compliance.
Read More...