Featured Article

New Design, New Features: Maven Central Improvements for Developers

By Amanda Yeo on March 28, 2023 open source security

Hosted by Sonatype, Maven Central has a refreshed interface and new features to improve the developer experience.

Read More

New Design, New Features: Maven Central Improvements for Developers

By Amanda Yeo on March 28, 2023 open source security

3 minute read time

Hosted by Sonatype, Maven Central has a refreshed interface and new features to improve the developer experience.

Read More...

What is Hashing? A Look at Unique Identifiers in Software

By Luke Mcbride on March 10, 2023 secure software supply chain

10 minute read time

Get a handle on software security with these odd-looking but very accessible tools to help sort good from bad on the internet.

Read More...

The Shifting Landscape of Open Source Supply Chain Attacks - Part 3

By Brian Fox on January 26, 2023 thought leaders

12 minute read time

Brian Fox shares insights on who’s responsible for the security of software supply chains, and how orgs can minimize impact on efficiency and speed.

Read More...

Java Serialisation - The Gift That Keeps on Taking (Part 2)

By Steve Poole on March 30, 2022 open source security

8 minute read time

Part two of our Java serialization series: the unexpected consequences of design and how the data stream can be compromised.

Read More...

NIST: Adopt a Secure Software Development Framework (SSDF) to Mitigate Risk of Software Vulnerabilities

By Jason Green on June 11, 2020 government open source software (GOSS)

2 minute read time

NIST recommends a SSDF framework to assess open source component cybersecurity risks, including an SBOM and automated security controls in the SDLC.

Read More...

What Does the New CVSS 3.1 Scoring Model Mean for Enterprise Security?

By Ax Sharma on February 17, 2020 vulnerabilities

3 minute read time

Learn how CVSS 3.1 is different from earlier versions and why changes to this security rating matters.

Read More...

The “Big Hack” That Actually Happened - Chinese Military Implicated in Equifax Breach

By Matt Howard on February 11, 2020 vulnerabilities

3 minute read time

Members of the Chinese Military were implicated in the attack on Equifax's software supply chain. It's time to take software supply chain hygiene seriously.

Read More...

How to Use Sonatype OSS Index to Identify Security Vulnerabilities

By Casey Dunham on January 09, 2020 github

8 minute read time

OSS Index enables developers to quickly find vulnerabilities in any library with an easy-to-use search feature. Learn more, and how to access the plugins.

Read More...

Are You a Fool With a Tool?

By DJ Schleen on November 22, 2019 security

3 minute read time

Buckminster Fuller cautioned against prioritizing tools. DevOps should always include discussions of culture, strategy, and process for the best outcomes.

Read More...

New Design, New Features: Maven Central Improvements for Developers

New Design, New Features: Maven Central Improvements for Developers

What is Hashing? A Look at Unique Identifiers in Software

The Shifting Landscape of Open Source Supply Chain Attacks - Part 3

Java Serialisation - The Gift That Keeps on Taking (Part 2)

NIST: Adopt a Secure Software Development Framework (SSDF) to Mitigate Risk of Software Vulnerabilities

What Does the New CVSS 3.1 Scoring Model Mean for Enterprise Security?

The “Big Hack” That Actually Happened - Chinese Military Implicated in Equifax Breach

How to Use Sonatype OSS Index to Identify Security Vulnerabilities

Are You a Fool With a Tool?

Secure your software supply chain

Subscribe for all the latest software security news and events