One in Six Developers in Healthcare Report Open Source Breaches | Press Release

blog-logo Sonatype Blog

How to Better Navigate the World of DevSecOps with Sonatype and Saltworks Security

By Tanya Feghali on July 28, 2020 Open Source
Sonatype and Saltworks talk about how to deliver higher quality software faster while securely taking advantage of everything open source has to offer.
Read More...

"WTF is DevSecOps?"

By Elizabeth Kathure on May 27, 2020 devsecops
DevSecOps is a great idea. But it means security engineers, DevSecOps teams, and developers working together.
Read More...

Getting Your Security Program to Shift Left: Operationalizing Security Controls via DevSecOps

By Daniel Longest on May 21, 2020 shift left
Map the automation opportunities into your software development lifecycle as part of coordinated strategies to shift security left.
Read More...

Ryan Lockard Names the Seven Deadly Sins of DevSecOps [VIDEO]

By Mark Miller on April 02, 2020 AppSec
Failures are an opportunity to reflect, inspect, and improve DevSecOps practices every day. Which of these have you experienced, and what did you learn?
Read More...

Sladjana Jovanovic and Bill McArthur Move Silos to Communities [VIDEO]

By Mark Miller on March 19, 2020 AppSec
When we break down the barriers to communication and collaboration, we thrive as humans and as organizations. Sladjana Jovanovic shares her experiences.
Read More...

Why Manual Verification Still Matters

By Peter Morlion on March 10, 2020 AppSec
We continuously hear the benefits of automation. Jeroen Willemsen explains why we still need to perform manual checks.
Read More...

For Distributed Teams, It’s Not All About the Tools

By Mark Kilby on February 26, 2020 Teamwork
A great distributed team starts with people with strong collaboration skills. The team needs time to understand each other's preferences to deliver value.
Read More...

Larry Maccherone Says Pixie Dust Security is an Epic Failure [VIDEO]

By Mark Miller on February 18, 2020 AppSec
A fundamental DevSecOps failure, according to Comcast's Larry Maccherone, is believing that a sprinkle of pixie dust makes a completed application secure.
Read More...

What Does the New CVSS 3.1 Scoring Model Mean for Enterprise Security?

By Akshay 'Ax' Sharma on February 17, 2020 vulnerabilities
Learn how CVSS 3.1 is different from earlier versions and why changes to this security rating matters.
Read More...