Sonatype Selected by Equifax to Support OS Governance Press Release


Application Security Risk in 2019: It's All About The Supply Chain

It’s that time of year again – time to reminisce on the past year and prepare our organizations to tackle the opportunities and challenges that lie ahead in


Equifax was 100% preventable -- But 18,000 others at risk

By Derek Weeks on December 17, 2018 OSS governance

Earlier today, Sonatype's Bill Karpovich appeared on Fox Business News to discuss the recent House report on the Equifax breach published by the Energy and


Three Days of DevSecOps: Lessons from Equifax

By Derek Weeks on September 25, 2018 devsecops

Three days in March 2017 continuously come up in DevSecOps conversations I am having with friends across the community. While most people tie the three days


Deja Vu All Over Again - Another New Apache Struts Vulnerability (CVE-2018-11776)

By Brian Fox on August 23, 2018 struts breach

Another remote code execution vulnerability in Apache’s Struts2 Framework was disclosed late yesterday - leaving many feeling like they’re having Deja Vu.


Struts One-Two Punch Knocks Out India

By Derek Weeks on May 02, 2018 struts breach

The social security system of India, AADHAAR, was just breached due to a Struts-related vulnerability exploited on their website. If you are not familiar


Mr. Smith Goes to Washington: Lessons Learned from Equifax in Congress

By Matt Howard on October 03, 2017 equifax

This article published yesterday in Gizmodo -- and this one published this morning in the Wall Street Journal shed light on what Rick Smith, former Equifax


Equifax and Struts: An Ounce of Prevention is Worth a Pound of Cure.

By Matt Howard on September 14, 2017 equifax

Last week Equifax announced that it had suffered a massive security breach that exposed Social Security numbers and addresses of up to 143 million