Introducing our 9th annual State of the Software Supply Chain report

By Aaron Linskens on October 03, 2023 open source security

5 minute read time

Sonatype announces the arrival of our 9th annual State of the Software Supply Chain report that explores open source security, industry trends, and more.

Supply chain security inside and out

3 minute read time

Every organization needs to safeguard its SDLC. Take a look at two key aspects of ensuring external and internal security for your software supply chain.

New design, new feature: Maven Central improvements for developers

By Amanda Yeo on March 28, 2023 open source security

2 minute read time

Hosted by Sonatype, Maven Central has a refreshed interface and new features to improve the developer experience.

What is hashing? A look at unique identifiers in software

10 minute read time

Get a handle on software security with these odd-looking but very accessible tools to help sort good from bad on the internet.

The shifting landscape of open source supply chain attacks - Part 3

By Brian Fox on January 26, 2023 thought leaders

12 minute read time

Brian Fox shares insights on who’s responsible for the security of software supply chains, and how orgs can minimize impact on efficiency and speed.

Java serialization - The gift that keeps on taking (Part 2)

By Steve Poole on March 30, 2022 open source security

7 minute read time

Part two of our Java serialization series: the unexpected consequences of design and how the data stream can be compromised.

NIST: Adopt a Secure Software Development Framework (SSDF) to mitigate risk of software vulnerabilities

2 minute read time

NIST recommends an SSDF framework to assess open source component cybersecurity risks, including an SBOM and automated security controls in the SDLC.

What Does the New CVSS 3.1 Scoring Model Mean for Enterprise Security?

By Ax Sharma on February 17, 2020 vulnerabilities

3 minute read time

Learn how CVSS 3.1 differs from earlier versions and why changes to this security rating matter.

The “Big Hack” That Actually Happened - Chinese Military Implicated in Equifax Breach

By Matt Howard on February 11, 2020 vulnerabilities

3 minute read time

Members of the Chinese Military were implicated in the attack on Equifax's software supply chain. It's time to take software supply chain hygiene seriously.