Rule over your dependencies and scan at your own open source risk

By Aaron Linskens on September 13, 2022 vulnerabilities

5 minute read time

A good way to make sure that your organization's vulnerabilities don't go unnoticed is to conduct regular scans of the open source components used in your environments.

Wicked Good Development Episode 11: Vulnerability drills - The intention, habit, and impact

By Kadi Grigg on July 01, 2022 Software Supply Chain

27 minute read time

To prepare for the unexpected, check your code and run vulnerability drills to create muscle memory for engineering teams and build better software.

Wicked Good Development Episode 10: The evolution of supply chain attacks

By Kadi Grigg on June 14, 2022 Software Supply Chain

22 minute read time

This episode looks at how fraud detection and supply chain attacks are similar, the data science behind these systems, and developer behavior.

A non-programmer introduction to the software supply chain (Electron)

By Luke Mcbride on October 14, 2021 Software Supply Chain

3 minute read time

Connecting the software industry's growing use of component programs to something most people already have on their machine right now: the Electron framework.

White House releases executive order on America's software supply chains

By Derek Weeks on February 25, 2021 secure software supply chain

3 minute read time

Following recent SolarWinds attacks on multiple government agencies, US President Biden calls for comprehensive reviews of software supply chains.

DevSecOps In The Age Of Containers

By Curtis Yanko on March 30, 2018 Software Supply Chain

3 minute read time

Containers and automated tools create new opportunities for software supply chains and open source governance, as well as for system security.

The Hijacking of a Known GitHub ID: go-bindata

By Brian Fox on February 07, 2018 Software Supply Chain

2 minute read time

The creator of go-bindata deleted their GitHub account, and someone else created a new account under the same name.

Ann Winblad Reflects: The Rise of Software

By Derek Weeks on January 04, 2018 Software Supply Chain

3 minute read time

Imagine this: the 5 U.S. tech companies are investing $60 billion annually in R&D, close to the non-defense R&D budget of the U.S. Government.

Struts2 Vulnerability Cracks Equifax

By Derek Weeks on September 09, 2017 Software Supply Chain

3 minute read time

The Equifax breach of 143 million consumer records is linked to an open source vulnerability in Struts2.