
Sonatype Blog

Steps to Responsible Disclosure with Bas van Schaik, Man Yue Mo and Brian Fox

By Mark Miller on March 20, 2018 Open Source

On March 1, 2018, the team at Semmle announced a critical vulnerability in the Pivotal Spring framework. The vulnerability was found by security researcher

Struts2 Vulnerability Cracks Equifax

By Derek Weeks on September 09, 2017 Software Supply Chain

Four days ago, we saw a critical vulnerability in Struts2 that would leave web applications vulnerable to remote execution of code and enable direct access

What you should know about the latest Struts2 Vulnerability (video and podcast)

By Mark Miller on September 08, 2017 OSS governance

UPDATE: On Friday, September 8th, the massive breach of 143 million consumer records at Equifax was directly tied to Struts2.

With the multiple

A Struts2 Vulnerability Hurricane: Deserialization

By Derek Weeks on September 06, 2017 Struts

STORM UPDATE:

On Friday, September 8th, the massive breach of 143 million consumer records at Equifax was directly tied to Struts2.

A Massive Storm

As the
