What Does the New CVSS 3.1 Scoring Model Mean for Enterprise Security?

By Ax Sharma on February 17, 2020 vulnerabilities

3 minute read time

Learn how CVSS 3.1 is different from earlier versions and why changes to this security rating matters.
Read More...

Get the Latest DevSecOps Reference Architecture

By DJ Schleen on February 13, 2020 reference architecture

2 minute read time

Based on community feedback the 2020 DevSecOps Reference Architecture now includes continuous education, mobile delivery, and rearrangement of controls.
Read More...

Three DevSecOps Lessons Drawn from Conversations with 45 CISOs

By Matt Howard on January 29, 2020 CISO

3 minute read time

CISOs reduce risk and significantly improve an organization's IT security posture by shifting more resources to the beginning of the digital supply chain.
Read More...

How to Use Sonatype OSS Index to Identify Security Vulnerabilities

By Casey Dunham on January 09, 2020 github

8 minute read time

OSS Index enables developers to quickly find vulnerabilities in any library with an easy-to-use search feature. Learn more, and how to access the plugins.
Read More...

Why You Need a Software Bill of Materials More Than Ever

By Katie McCaskey on December 05, 2019 software bill of materials

5 minute read time

Enterprises need to know what open source components are in their software at all times. If you don't have a software bill of materials, you're already behind.
Read More...

Nexus Lifecycle Now Integrates with Red Hat Clair to Secure Containers Across the SDLC

By Michelle Dufty on November 25, 2019 featured

2 minute read time

Sonatype is automating container security via an open API that makes it easy for third-party container scanners to integrate with Nexus Lifecycle - starting with Red Hat Clair.
Read More...

5 Ways Your Organization Benefits from DevSecOps

By Ax Sharma on November 14, 2019 devsecops

4 minute read time

It's important to understand why DevSecOps matters in this day and age of security breaches and what the pragmatic benefits are for your organization.
Read More...

DevSecOps Elite and Their Reference Architecture

By Katie McCaskey on October 25, 2019 devsecops

3 minute read time

Derek Weeks and DJ Schleen provide insights into the practices and toolsets used by DevSecOps professionals. Watch their DevOps World presentations here.
Read More...

Make Sure to Cover Your Auth

By Derek Weeks on October 23, 2019 devsecops

2 minute read time

Aditya Balapure (@adityabalapure) explores how authentication has evolved and makes recommendations for DevSecOps teams to improve their security.
Read More...