Why Manual Verification Still Matters

By Peter Morlion on March 10, 2020 AppSec

4 minute read time

We continuously hear the benefits of automation. Jeroen Willemsen explains why we still need to perform manual checks.

For Distributed Teams, It’s Not All About the Tools

By Mark Kilby on February 26, 2020 Teamwork

4 minute read time

A great distributed team starts with people with strong collaboration skills. The team needs time to understand each other's preferences to deliver value.

Larry Maccherone Says Pixie Dust Security is an Epic Failure [VIDEO]

By Mark Miller on February 18, 2020 AppSec

1 minute read time

A fundamental DevSecOps failure, according to Comcast's Larry Maccherone, is believing that a sprinkle of pixie dust makes a completed application secure.

What Does the New CVSS 3.1 Scoring Model Mean for Enterprise Security?

By Ax Sharma on February 17, 2020 vulnerabilities

3 minute read time

Learn how CVSS 3.1 differs from earlier versions and why the changes to this security rating matter.

Get the Latest DevSecOps Reference Architecture

By DJ Schleen on February 13, 2020 reference architecture

2 minute read time

Based on community feedback, the 2020 DevSecOps Reference Architecture now includes continuous education, mobile delivery, and a rearrangement of controls.

Three DevSecOps Lessons Drawn From Conversations With 45 CISOs

By Matt Howard on January 29, 2020 CISO

3 minute read time

CISOs reduce risk and significantly improve an organization's IT security posture by shifting more resources to the beginning of the digital supply chain.

How to Use Sonatype OSS Index to Identify Security Vulnerabilities

By Casey Dunham on January 09, 2020 github

8 minute read time

OSS Index enables developers to quickly find vulnerabilities in any library with an easy-to-use search feature. Learn more, and how to access the plugins.

Why You Need a Software Bill of Materials More Than Ever

By Katie McCaskey on December 05, 2019 software bill of materials

5 minute read time

Enterprises need to know what open source components are in their software at all times. If you don't have a software bill of materials, you're already behind.

Nexus Lifecycle Now Integrates With Red Hat Clair to Secure Containers Across the SDLC

By Michelle Dufty on November 25, 2019 featured

2 minute read time

Sonatype is automating container security via an open API that makes it easy for third-party container scanners to integrate with Nexus Lifecycle - starting with Red Hat Clair.