The 2020 State of the Software Supply Chain Report is available!

Study Shows High-Performance Dev Teams Fix OSS Vulns 26x Faster | Press Release

blog-logo Sonatype Blog

Compliance as Code

By Pachi Carlson on July 06, 2020 Compliance
Compliance is a growing consideration for application security and must be managed.
Read More...

Money Doesn’t Buy Happiness, But Happy Developers Protect Money

By Derek Weeks on June 26, 2020 devsecops
Developers in mature DevOps practices are 1.2x happier than their grumpy peers in the financial sector. This impacts software security, and your wallet.
Read More...

DevSecOps & Chaos Engineering: Knowing the Unknown

By Derek Weeks on September 04, 2019 software testing
Aaron Rinehart (@aaronrinehart) dives into chaos engineering: what it is, why you need it, and how you can implement it in your organization.
Read More...

Why Software Composition Analysis (SCA) Demands Precision

Software Composition Analysis: Getting to the Signal Through the Noise, by 451 Research, demonstrates Sonatype's leadership in software composition analysis.
Read More...

Steps to Responsible Disclosure with Bas van Schaik, Man Yue Mo and Brian Fox

By Mark Miller on March 20, 2018 Open Source
In this episode of the OWASP 24/7 Podcast Series, I speak with the research team at Semmle on how they discovered the Pivotal Spring framework vulnerability.
Read More...

HackNYC 2018: Preview with Dr. Bill Curtis [Podcast]

By Mark Miller on February 01, 2018 OWASP
In May, at HackNYC 2018 in New York City, Dr. Bill Curtis' team of Tracie Gerardi and Lev Lesokhin will deliver a presentation on putting an end to "Technical Debt".
Read More...

Thoughts on Security in the Modern Software Supply Chain [Podcast Interview]

By Mark Miller on January 15, 2018 OWASP
A conversations about government vs public software security, the OWASP Top 10 and common security patterns in large scale projects.
Read More...