Getting Started with Sonatype Vulnerability Analysis

By Omkar Hiremath on March 26, 2020 vulnerabilities

7 minute read time

Sonatype Vulnerability Scanner is a free tool that scans your application for vulnerabilities and reports on its analysis.

OWASP Security Knowledge Framework

By Daniel Longest on March 24, 2020 security

4 minute read time

OWASP's security knowledge framework (SKF) is a method to help web and app developers establish best practices at each stage of product development.

Most common security acronyms explained

By DJ Schleen on March 02, 2020 security

8 minute read time

SAST, DAST, CSA, OSSM, SCA? What do these acronyms mean, what exactly do they do, and why does it matter?

What Does the New CVSS 3.1 Scoring Model Mean for Enterprise Security?

By Ax Sharma on February 17, 2020 vulnerabilities

3 minute read time

Learn how CVSS 3.1 differs from earlier versions and why changes to this security rating matter.

Why Does Security Matter For DevOps?

By Derek Weeks on October 01, 2019 security

4 minute read time

Caroline Wong (@CarolineWMWong) explains why organizations that use DevOps are 2X more likely to succeed than peers.

A More Secure Web Needs Developers, Defenders, Advocates, and OSS

By Katie McCaskey on September 13, 2019 security

2 minute read time

The largest gathering of Infosec professionals met in Washington, D.C. to discuss the future of web security. Open source software is at the core of it.

Security Organizations Need to Start Thinking Like Developers

By DJ Schleen on July 30, 2019 security

2 minute read time

Developers must think more securely, and security teams need to learn more development skills. Cross-discipline awareness strengthens software development.

Free Software, But No Free Lunch

By Katie McCaskey on July 25, 2019 security

2 minute read time

Today's threat surface is the software itself. How can Fortune 100 companies and others protect themselves? One security practice is counterintuitive.

How are Federal Agencies Implementing DevOps & System Modernization

By Derek Weeks on November 29, 2016 security

2 minute read time

Learn how the Department of Homeland Security (DHS) is leading the DevOps charge with a recent project to modernize mission-critical systems at USCIS.