Security Organizations Need to Start Thinking Like Developers

By DJ Schleen on July 30, 2019 security

2 minute read time

Developers must think more securely, and security teams need to learn more development skills. Cross-discipline awareness strengthens software development.

Free Software, But No Free Lunch

By Katie McCaskey on July 25, 2019 security

2 minute read time

Today's threat surface is the software itself. How can Fortune 100 companies and others protect themselves? One security practice is counterintuitive.

PyPI 'Cheese Shop' Malware Illustrates Software Supply Chain Risk Vector

By Katie McCaskey on July 22, 2019 dependency injection

3 minute read time

Malicious actors circumvented the PyPI package repo manager, a classic case demonstrating why understanding open source code dependencies is critical.

Achieving a Managed State Model For Your Software Supply Chain

3 minute read time

Secure software development processes share attributes with other human endeavors such as cooking, reading, and sports, says Santi Mulukutla of Sonatype.

DevSecOps: Security at the Speed of DevOps

By Katie McCaskey on June 18, 2019 devsecops

3 minute read time

Larry Maccherone of Comcast shares his DevSecOps Manifesto and strategies he's used to foster the cultural change necessary to implement DevSecOps.

Malicious Code Injection Strikes Again as npm Foils $13M Cryptocurrency Theft

By Derek Weeks on June 07, 2019 vulnerabilities

2 minute read time

The latest attempt at a cryptocurrency heist demonstrates how open source software components are used throughout the cryptocurrency ecosystem.

From Burping to Flying - Red Teaming with Nexus at Intuit

By Mark Henke on May 24, 2019 devsecops

3 minute read time

Security is too important to leave out of DevOps. Learn why, and how to unite the two, from Shannon Lietz's 2018 Nexus User Conference session.

Alexa: What’s the Future of Cyber Security?

By Katie McCaskey on May 02, 2019 devsecops

5 minute read time

The software supply chain connects everyone and everything but attacks to this connected web can be blatant and overt, with damaging consequences - especially.

Malicious Attacks On Open Source Are Going to Get Worse: Developers Need to Take Notice

By Sonal Thawani on April 19, 2019 vulnerability

2 minute read time

Bad actors have recognized the power of open source and are now beginning to create their own attack opportunities.