News and Notes from the makers of Nexus | Sonatype Blog

Malicious Attacks On Open Source Are Going to Get Worse; Developers Need to Take Notice

By Sonal Thawani on April 19, 2019 vulnerability

Bad actors have recognized the power of open source and are now beginning to create their own attack opportunities. This new form of assault, allowing hackers to poison the well, is going to get

Read More...

3 Reasons Manual Policies Just Don’t Work

By Derek Weeks on June 10, 2014 Cyber Supply Chain Management and Transparency Act

Over the past four years, Sonatype has surveyed open source development organizations and year after year, we find that developers have the best intentions. They strive to build good quality code,

Read More...

An Open Discussion on Open Source Review Boards

By Derek Weeks on March 17, 2014 Sonatype Says

The recent FS-ISAC whitepaper, “Appropriate Software Security Control Types for Third Party Service and Product Providers”, reveals the majority of internal software applications created by financial

Read More...

The Tipping Point: Human Speed vs. Machine Speed

By Derek Weeks on March 05, 2014 Sonatype Says

What can the financial services industry learn from the U.S. Department of Homeland Security? In this third segment of my blog series on open source component security as it relates to the recently

Read More...

Financial Services Organizations have Open Eyes on Open Source

By Derek Weeks on February 20, 2014 Component Lifecycle Management

Financial Services Organizations have Open Eyes on Open Source

Read More...