Why developers are becoming the weakest link in supply chain attacks

5 minute read time

As cyber-attacks continue to grow, threat actors have shifted their focus from endpoints and end users to the software supply chain.
Read More...

A Lesson in Why “Security by Press Release” is Detrimental

By Ax Sharma on November 02, 2018 vulnerabilities

4 minute read time

Last week news broke about a 3-year old jQuery vulnerability that was just discovered, and had just been patched - sending many into a frenzy.
Read More...

Dirty Rivers Flow Downstream, Leading to Dirty Reservoirs

By Sylvia Fronczak on November 02, 2018 devsecops

6 minute read time

A reservoir is created by rivers and streams that flow into it. What if one of those rivers is polluted? It pollutes the whole thing.
Read More...

Software Composition Analysis: Precision Definitely Matters (Just Ask Our Competitors)

3 minute read time

Just two years ago, SCA was more about helping traditional security professionals identify suspects across a broad spectrum of open source ecosystems.
Read More...

I Am A Serial Cryptominer: An Open Letter to Software Developers

By Hack Overflow on June 14, 2018 Devops

5 minute read time

An open letter to the DevOps community from a cryptocurrency miner.
Read More...

Making sure our users don't zip-slip and fall

By Brian Fox on June 05, 2018 The Central Repository

1 minute read time

Sonatype has provided The Central Repository for over a decade and we take security of the users very seriously.
Read More...

WSJ on Struts: Companies Still Downloading Flaw Linked to Equifax Breach

2 minute read time

The Wall Street Journal discusses open-source governance, Struts and how companies are still downloading the flaw that led to the Equifax Breach
Read More...

Struts One-Two Punch Knocks Out India

2 minute read time

The social security system of India, AADHAAR, was just breached due to a Struts related vulnerability exploited on their website.
Read More...

Open Source Governance Hits the C-Suite

By Derek Weeks on April 11, 2018 open source management

2 minute read time

The Wall Street Journal’s Adam Janofsky wrote an article entitled, How Companies Can Manage Risks Tied to Open-Source Software*.
Read More...