Sonatype Selected by Equifax to Support OS Governance Press Release

Sonatype Blog

26% Acknowledge a Web Application Breach in 2019

By Derek Weeks on February 12, 2019 security/devsecops

Early this morning news broke that 620 million account details stolen from hacked websites were up for sale on the dark web. The scale of the stolen


Equifax was 100% preventable -- But 18,000 others at risk

By Derek Weeks on December 17, 2018 OSS governance

Earlier today, Sonatype's Bill Karpovich appeared on Fox Business News to discuss the recent House report on the Equifax breach published by the Energy and


Policy Governance Made Easy - Introducing the Nexus Notifier Plugin for Bitbucket

By Justin Young on September 04, 2018 Nexus Lifecycle

The need for open source governance throughout the development lifecycle has never been greater. And yet, at the same time, the modern developer has never


The Hijacking of a Known GitHub ID: go-bindata

By Brian Fox on February 07, 2018 npmgate

This morning, the creator of go-bindata deleted their GitHub account and someone else created a new account under the same name. When open source is at


The Power of Data in DevSecOps

By Derek Weeks on January 28, 2018 devsecops

“In God we trust. All others must bring data.” – W. Edwards Deming


Struts2 Vulnerability Cracks Equifax

By Derek Weeks on September 09, 2017 struts2

Four days ago, we saw a critical vulnerability in Struts2 that left web applications open to remote code execution and enabled direct access


What you should know about the latest Struts2 Vulnerability (video and podcast)

By Mark Miller on September 08, 2017 struts2

UPDATE: On Friday, September 8th, the massive breach of 143 million consumer records at Equifax was directly tied to Struts2.

With the multiple


Automated Enforcement: The Not So Subtle Difference Between Sonatype Nexus and Everyone Else

By Matt Howard on June 15, 2017 OSS governance

We live in an application economy. Software has become the strategic weapon of choice for competing and winning on a global playing field.  This is a world


Nexus Firewall Grows with Support for PyPI

By Jamie Whitehouse on April 19, 2017 PyPI

All Parts Are Not Created Equal

According to the recent DevSecOps Community survey, 80 - 90% of a modern application is assembled using open source and