Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

Fooled twice by the same open source problem? Shame on you. The data behind CVE-2017-8046.

By Brian Fox on March 07, 2018 known vulnerability

2 minute read time

Organizations keep software applications safe, not by chance, but by preparation.

Read More...

The Power of Data in DevSecOps

By Derek Weeks on January 28, 2018 OSS governance

2 minute read time

Better data improves mean times to repair in DevSecOps pipelines.

Read More...

Mr. Smith Goes to Washington: Lessons Learned from Equifax in Congress

By Matt Howard on October 03, 2017 open source governance

2 minute read time

Perspective on what Rick Smith, former Equifax CEO, will say today to Congress this week when he testifies.

Read More...

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

Fooled twice by the same open source problem? Shame on you. The data behind CVE-2017-8046.

The Power of Data in DevSecOps

Mr. Smith Goes to Washington: Lessons Learned from Equifax in Congress

Secure your software supply chain

Subscribe for all the latest software security news and events