What is the OWASP Top 10?

By Aaron Linskens on January 12, 2024 vulnerabilities

7 minute read time

Discover the significance of OWASP in cybersecurity: what is OWASP, and why is it vital for developers and organizations? Dive deeper with Sonatype.

Open source risk management: Safeguarding software integrity

6 minute read time

Explore open source risk management as the identification and mitigation of the security, compliance, and operational risks of using open source software.

Going online with the OWASP Vulnerability Management Guide Working Group

6 minute read time

The OWASP Vulnerability Management Guide (OVMG) project seeks to simplify vulnerability management into repeatable and scalable cycles.

October is Cyber Security Awareness Month. Developers Are Some of Our Best Guardians.

By Katie McCaskey on October 21, 2019 PCI

3 minute read time

As open source software grows, developers play a crucial role in ensuring that cyber security threats are prevented, mitigated, and repaired.

Software Composition Analysis: A Matter of Perspective (and Experience)

2 minute read time

The SCA market is young - leaving everyone wrestling with a critical question: is it a security-centric, developer-centric, or a legal-centric endeavor? At.

Application Security Risk in 2019: It's All About The Supply Chain

By Matt Howard on December 28, 2018 AppSec

5 minute read time

Cyber criminals are intentionally planting vulnerabilities directly into the global supply of open source components.

House Oversight Report: Equifax Open Source Breach Was Entirely Preventable

By Matt Howard on December 10, 2018 devsecops

3 minute read time

Equifax is not alone. In the last decade, hundreds, if not thousands, of companies have suffered the exact same, easily preventable mistake.

Inevitable: Earthquakes and Exploits

By Mike Hansen on November 15, 2018 AppSec

3 minute read time

Earthquakes and open source vulnerabilities are both inevitable, unpredictable, and can be catastrophic.

WSJ on Struts: Companies Still Downloading Flaw Linked to Equifax Breach

2 minute read time

The Wall Street Journal discusses open source governance, Struts, and how companies are still downloading the flawed component that led to the Equifax breach.