Sonatype Selected by Equifax to Support OS Governance Press Release

Sonatype Blog

What 36,000 OSS Projects and 12,000 Commercial Dev Teams Taught Us About Secure Coding Practices

By Derek Weeks on June 25, 2019 Software Supply Chain
Our 2019 State of the Software Supply Chain Report Reveals Best Practices From 36,000 OSS Dev Teams and 12,000 commercial software engineering teams.

DevSecOps In The Age Of Containers

By Curtis Yanko on March 30, 2018 Software Supply Chain
Containers and automated tools create new opportunities for software supply chains and open source governance as well as system security. DevSecOps, application and system security are all visible in

The Hijacking of a Known GitHub ID: go-bindata

By Brian Fox on February 07, 2018 Software Supply Chain
The creator of go-bindata deleted their @github account and someone else created a new account under the same name.

Ann Winblad Reflects: The Rise of Software

By Derek Weeks on January 04, 2018 Software Supply Chain
Imagine this: the 5 U.S. tech companies are annually investing $60 billion in R&D - close to the non-defense R&D budget of the U.S. Government.

Struts2 Vulnerability Cracks Equifax

By Derek Weeks on September 09, 2017 Software Supply Chain
Equifax breach of 143 million consumer records linked to Struts2 open source vulnerability.

The Trump White House Takes Aim at Cybersecurity

The Trump White House Takes Aim at Cybersecurity. Introduces Executive Order: STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE.

DevSecOps: Eat Carrots, Not Cupcakes

By Derek Weeks on March 23, 2017 Software Supply Chain
In DevSecOps, security automation is more strategic than ever and key to survival. When it comes to software development, simple rules and advice from nutritional labels aren’t always there for us.

Struts2 Exploited Again. Did Anyone Bother to Tell You?

By Brian Fox on March 10, 2017 oss
This week I woke up to find several emails from Nexus Lifecycle indicating that the products in my portfolio were potentially vulnerable due to their inclusion of Apache commons-collection. If you

DevSecOps: Better Software, Faster

By Derek Weeks on February 08, 2017 repository health check
1 in 16 open source and third-party components downloaded last year included a known vulnerability. That may not seem like too many until you realize the average company downloads well over 200,000