Why Developers are Becoming the Weakest Link in Supply Chain Attacks

5 minute read time

As cyber-attacks continue to grow, threat actors have shifted their focus from endpoints and end users to the software supply chain.
Read More...

A Lesson in Why “Security by Press Release” is Detrimental

By Ax Sharma on November 02, 2018 vulnerabilities

4 minute read time

Last week news broke about a 3-year old jQuery vulnerability that was just discovered, and had just been patched - sending many into a frenzy. The reality, however, is this is an old vulnerability
Read More...

Dirty Rivers Flow Downstream, Leading to Dirty Reservoirs

By Sylvia Fronczak on November 02, 2018 devsecops

6 minute read time

A reservoir is created by rivers and streams that flow into it. What if one of those rivers is polluted? It pollutes the whole thing. Similarly, in software, if we add dependencies that are
Read More...

Software Composition Analysis: Precision Definitely Matters (Just Ask Our Competitors)

3 minute read time

Just two years ago, SCA was more about helping traditional security professionals identify suspects across a broad spectrum of open source ecosystems. Much has changed since then. Today,
Read More...

I Am A Serial Cryptominer: An Open Letter to Software Developers

By Hack Overflow on June 14, 2018 Devops

5 minute read time

An open letter to the DevOps community from a cryptocurrency miner.
Read More...

Making sure our users don't zip-slip and fall

By Brian Fox on June 05, 2018 The Central Repository

1 minute read time

Sonatype has provided The Central Repository for over a decade and we take security of the users very seriously. Once we became aware of the zip-slip vulnerability, we wanted to to ensure Central
Read More...

WSJ on Struts: Companies Still Downloading Flaw Linked to Equifax Breach

2 minute read time

The Wall Street Journal discusses open-source governance, Struts and how companies are still downloading the flaw that led to the Equifax Breach
Read More...

Struts One-Two Punch Knocks Out India

2 minute read time

The social security system of India, AADHAAR, was just breached due to a Struts related vulnerability exploited on their website. If you are not familiar with AADHAAR, it offers a 12-digital personal
Read More...

Open Source Governance Hits the C-Suite

By Derek Weeks on April 11, 2018 open source management

2 minute read time

The Wall Street Journal’s Adam Janofsky wrote an article entitled, How Companies Can Manage Risks Tied to Open-Source Software*. Coverage of this topic sheds light on a topic for executives, that has
Read More...