Sonatype Selected by Equifax to Support OS Governance Press Release


WSJ on Struts: Companies Still Downloading Flaw Linked to Equifax Breach

By Elissa Walters on May 09, 2018 devsecops

This morning, Kate Fazzini of The Wall Street Journal wrote an article titled “Companies Still Downloading Flaw that Led to Equifax Breach,” dissecting new


Eight More Struts Breaches

Earlier today, Robert Hackett at Fortune published an eye opening report on the number of organizations who continue to download known vulnerable open


Malicious Intent: Open Source Developers, Please Protect Your Users

By Brian Fox on February 14, 2018 open source policies

For the second time in as many weeks we’re seeing the fallout of missteps taken by publishers of open source components. It was just last week that I wrote


Doctor, Doctor, Can't You See? Congress Calls for Cybersecurity.

By Derek Weeks on November 17, 2017 software bill of materials

Prescribing a Software Bill of Materials

On November 16th, U.S. Congressman Greg Walden (R-OR) sent a letter to the U.S. Department of Health and Human


Medical Device Security: A New Look at Open Source Software

By Derek Weeks on June 04, 2017 Medical Device Security

We all do it. When we sense something wrong with our health, we often go to the internet, plug in our symptoms and try to diagnose the issue.

In our


The Trump White House Takes Aim at Cybersecurity

By Derek Weeks on May 12, 2017 Cybersecurity

“The executive branch has for too long accepted antiquated and difficult-to-defend IT,” declared President Donald Trump in a new Executive Order released on


Nexus Repository Rising: Say Hello to the New Pro

By Derek Weeks on September 13, 2016 Nexus Repository Pro

Free Birds, Free Coffee, and Free Willy. Software development is hard enough, so we’re making it easier. You see, a few years ago Sonatype made a promise


Government Asks: What’s in Your Software?

By Derek Weeks on July 29, 2016 DevOpsSec

U.S. Government pays closer attention to software components

Multiple agencies across the U.S. government are paying closer attention to the software they