Sonatype Selected by Equifax to Support OS Governance Press Release

A Lesson in Why “Security by Press Release” Is Detrimental

By Akshay 'Ax' Sharma on November 02, 2018 jQuery

Last week “news” broke about a 3-year old jQuery vulnerability that was just discovered, and had just been patched. On the surface, it sounded like a big

Dirty Rivers Flow Downstream, Leading to Dirty Reservoirs

As many of you have experienced, there’s an increasing push to deliver more, faster. And when we say “more,” we mean more features—not more non-functional

Software Composition Analysis: Precision Definitely Matters (Just Ask Our Competitors)

As we gear up to release the 2018 edition of the State of the Software Supply Chain Report, I've been reflecting on the growing market for Software

I Am A Serial Cryptominer: An Open Letter to Software Developers

Gluttony: (Latin: gula, derived from the Latin gluttire meaning "to gulp down or swallow") means over-indulgence and over-consumption of food, drink, or

Making sure our users don't zip-slip and fall

By Brian Fox on June 05, 2018 security research

Security vulnerabilities in open source software are a fact of life. Sonatype has extensive automated monitoring systems in place designed to discover zero

WSJ on Struts: Companies Still Downloading Flaw Linked to Equifax Breach

By Elissa Walters on May 09, 2018 devsecops

This morning, Kate Fazzini of The Wall Street Journal wrote an article titled “Companies Still Downloading Flaw that Led to Equifax Breach,” dissecting new

Struts One-Two Punch Knocks Out India

By Derek Weeks on May 02, 2018 struts breach

The social security system of India, AADHAAR, was just breached due to a Struts related vulnerability exploited on their website. If you are not familiar

Open Source Governance Hits the C-Suite

By Derek Weeks on April 11, 2018 open source management

Earlier today, the Wall Street Journal’s Adam Janofsky wrote an article entitled “How Companies Can Manage Risks Tied to Open-Source Software.” Coverage of

Fooled twice by the same open source problem? Shame on you. The data behind CVE-2017-8046.

By Brian Fox on March 07, 2018 open source vulnerability

Organizations keep software applications safe, not by chance, but by preparation. Record breaking exploits in 2017 suggest that companies were simply not