Software Composition Analysis: A Matter of Perspective (and Experience)

2 minute read time

The SCA market is young, leaving everyone wrestling with a critical question: is it a security-centric, developer-centric, or legal-centric endeavor? At Sonatype, we believe it's all of the above.

What can we learn from 200 Billion JavaScript downloads

By Derek Weeks on February 08, 2018 Javascript

6 minute read time

JavaScript package downloads from the npm repository now top 200 billion annually. We dissect what that means for the open source community.

Equifax and Struts: An Ounce of Prevention is Worth a Pound of Cure.

By Matt Howard on September 14, 2017 open source governance

3 minute read time

It raises a $50 billion question: what, if anything, could Equifax have done differently to prevent the Struts breach from happening?