
Sonatype Blog

Struts2 Breach at Equifax was 100% Preventable. Here's how.

By Ilkka Turunen on September 20, 2017 Nexus Lifecycle

The breach at Equifax is a siren call. It's time for organizations to approach the problem of managing open source software by using automated technology,


Security Processes at the Apache Software Foundation (video and podcast)

By Mark Miller on September 15, 2017 Struts

In our continuing series on the Struts2 vulnerability announcement and the breach at Equifax, we spoke with Mark Thomas, Director, Apache Software


A Struts2 Vulnerability Hurricane: Deserialization

By Derek Weeks on September 06, 2017 Struts

STORM UPDATE:

On Friday, September 8th, the massive breach of 143 million consumer records at Equifax was directly tied to Struts2.  

A Massive Storm

As the


The 2014 Survey: Marked by an Industry Shock Wave

Wow! What an amazing turnout we had for our 4th annual survey: 3,353 participants this year brings us to over 11,000 participants in the four years we’ve


Walking in the Open Source Component Garden

It's not every day I can stop to enjoy my afternoon tea outside on my deck, overlooking my garden. But today I did and while admiring my beautiful blooming


5 Things You Need to Know About Open Source Components

You can't get away from it. Thousands of open source components are being used in every industry, every day, to quickly build and deploy applications. For


4 Open Source Components You Need to Update Right Now

Heartbleed has put the security community on notice: it is time to take a harder look at the security status of open source components and frameworks. After


Important: Apache Struts Framework Security Alert

By Derek Weeks on August 13, 2013 Sonatype Says

The popular Apache Struts Framework, a toolkit used to build many of today’s web applications, has a critical vulnerability that was recently announced by the
