One in Six Developers in Healthcare Report Open Source Breaches | Press Release

Sonatype Blog

ZeroTrustOps: Securing at Scale

By Sylvia Fronczak on June 19, 2020 AppSec
With zero trust, you assume everything on the network is unsafe. You have to check trust explicitly. This stance improves security throughout the SDLC.

Octopus Scanner Compromises 26 OSS Projects on GitHub

By Brian Fox on May 31, 2020 #OSSsecurity
The Octopus Scanner malware compromised 26 open source projects hosted on GitHub in a new form of software supply chain attack targeting NetBeans projects.

GDPR and OSS. How Are They Linked and Why Should You Care?

By Ryan Sheldrake on November 29, 2017 Everything Open Source
GDPR and OSS. How are they linked and why should you care?

Cybersecurity Improvement Act of 2017: The Ghost of Congress Past

A steady breeze is blowing from Washington DC that is nudging the software industry toward a future in which vendors will no longer be immune to liability.

Vor Security brings OSS Index to Sonatype

By Brian Fox on June 29, 2017 vulnerability
Vor Security acquisition, extended language coverage, ossindex.net

Heartbleed: The Open Source Vulnerability that Keeps on Giving (and Taking)

By Matt Howard on June 12, 2017 Everything Open Source
Heartbleed is taking £100,000 from the council more than three years after the fact.

We're a Java shop, we're not going to get hacked...

By Tim OBrien on March 27, 2012 Nexus Repo Reel

Today's Security Brief: Application security is widely neglected (by some surprising companies)

By Tim OBrien on March 26, 2012 Nexus Repo Reel