Sonatype Delivers Premium Open Source Controls to GitHub | Press Release

blog-logo Sonatype Blog

Ryan Lockard Names the Seven Deadly Sins of DevSecOps [VIDEO]

By Mark Miller on April 02, 2020 AppSec
Failures are an opportunity to reflect, inspect, and improve DevSecOps practices every day. Which of these have you experienced, and what did you learn?
Read More...

Sladjana Jovanovic and Bill McArthur Move Silos to Communities [VIDEO]

By Mark Miller on March 19, 2020 AppSec
When we break down the barriers to communication and collaboration, we thrive as humans and as organizations. Sladjana Jovanovic shares her experiences.
Read More...

Why Manual Verification Still Matters

By Peter Morlion on March 10, 2020 AppSec
We continuously hear the benefits of automation. Jeroen Willemsen explains why we still need to perform manual checks.
Read More...

For Distributed Teams, It’s Not All About the Tools

By Mark Kilby on February 26, 2020 Teamwork
A great distributed team starts with people with strong collaboration skills. The team needs time to understand each other's preferences to deliver value.
Read More...

Larry Maccherone Says Pixie Dust Security is an Epic Failure [VIDEO]

By Mark Miller on February 18, 2020 AppSec
A fundamental DevSecOps failure, according to Comcast's Larry Maccherone, is believing that a sprinkle of pixie dust makes a completed application secure.
Read More...

What Does the New CVSS 3.1 Scoring Model Mean for Enterprise Security?

By Akshay 'Ax' Sharma on February 17, 2020 vulnerabilities
Learn how CVSS 3.1 is different from earlier versions and why changes to this security rating matters.
Read More...

Get the Latest DevSecOps Reference Architecture

By DJ Schleen on February 13, 2020 reference architecture
Based on community feedback the 2020 DevSecOps Reference Architecture now includes continuous education, mobile delivery, and rearrangement of controls.
Read More...

Three DevSecOps Lessons Drawn from Conversations with 45 CISOs

By Matt Howard on January 29, 2020 CISO
CISOs reduce risk and significantly improve an organization's IT security posture by shifting more resources to the beginning of the digital supply chain.
Read More...

How to Use Sonatype OSS Index to Identify Security Vulnerabilities

By Casey Dunham on January 09, 2020 github
OSS Index enables developers to quickly find vulnerabilities in any library with an easy-to-use search feature. Learn more, and how to access the plugins.
Read More...