

GDPR and OSS. How are they linked and why should you care?

By Ryan Sheldrake on November 29, 2017 #OSSsecurity

What does GDPR have to do with Open Source Software (OSS)?

The answer is Data. 


Cybersecurity Improvement Act of 2017:  The Ghost of Congress Past

By Matt Howard on August 01, 2017 #OSSsecurity

It seems like yesterday when Representative Ed Royce proposed legislation entitled the Cyber Supply Chain Management and Transparency ActIn


Vor Security brings OSS Index to Sonatype

By Brian Fox on June 29, 2017 #OSSsecurity

Our data research team is always on the lookout for ways to expand Nexus Lifecycle’s coverage with new sources and feeds of data. A little under a year ago,


Heartbleed: The Open Source Vulnerability that Keeps on Giving (and Taking)

By Matt Howard on June 12, 2017 #OSSsecurity

Disclosed in April 2014, Heartbleed is the vulnerability gift that keeps on giving to some -- and taking away from others.  The latest example of this


We're a Java shop, we're not going to get hacked...

By Tim OBrien on March 27, 2012 Nexus Repo Reel

This article is another in a series of articles associated with our Executive Brief. To access the executive brief, “Addressing Security Concerns in


Today's Security Brief: Application security is widely neglected (by some surprising companies)

By Tim OBrien on March 26, 2012 Nexus Repo Reel

Today we published a paper with Aspect Security, and it's a shocking look at how few people are paying attention to application security. If you consume