Sonatype Selected by Equifax to Support OS Governance Press Release


Struts2 Exploited Again.  Did Anyone Bother to Tell You?

By Brian Fox on March 10, 2017 oss

This week we saw the announcement of yet another Struts 2 Remote Code Exploit (RCE) vulnerability. What's notable about this instance is that POC code seems


What’s in Your Software

By Matt Howard on January 15, 2016 Software Supply Chain

I can’t tell you how excited I am to be a part of the Sonatype team that is literally reinventing how quality software gets made. As the new guy leading


Did you wake up to an alert about the Java Deserialization vulnerability?

By Brian Fox on November 13, 2015 oss

This week I woke up to find several emails from Nexus Lifecycle indicating that the products in my portfolio were potentially vulnerable due to their


Legal at DevOps Speed

By Derek Weeks on April 07, 2015 Sonatype Nexus

Our general counsel, Paul Bosco, is a super nice guy. Among his many responsibilities, he helps Sonatype make the right decisions about appropriate license


Open source components, a fine vintage or sour milk?

The U.S. recently overtook France as the world’s largest wine market. And here at Sonatype, we can proudly say we’ve contributed to this achievement. By not