Sonatype Introduces Next Generation Dependency Management | Press Release

blog-logo Sonatype Blog

Department of Homeland Security Cybersecurity: Top 10 Vulnerabilities Still Being Exploited

By April Downey on May 28, 2020 vulnerabilities
DHS CISA lists Apache Struts as a top vulnerability. Yet, evidence shows it is still being downloaded - on average, by 10,000 organizations a month.
Read More...

Equifax was 100% preventable -- But 18,000 others at risk

By Derek Weeks on December 17, 2018 vulnerabilities
Karpovich reflected on findings from the House report that the breach at Equifax was 100% preventable -- as the vulnerability at the root of the breach was one that had been publicly disclosed days
Read More...

House Oversight Report: Equifax Open Source Breach Was Entirely Preventable

By Matt Howard on December 10, 2018 devsecops
Equifax is not alone. In the last decade, there have been hundreds, if not thousands, of companies have suffered the exact same, easily preventable, mistake. If you want help eliminating open source
Read More...

How to Keep Vulnerable Versions of Struts Out of Your Nexus Repository

By Christopher Tolo on August 24, 2018 Nexus Lifecycle
Use Nexus Lifecycle Continuous Monitoring and Nexus Firewall to keep vulnerable versions of Apache Struts out of your software supply chain.
Read More...

Deja Vu All Over Again - Another New Apache Struts Vulnerability (CVE-2018-11776)

By Brian Fox on August 23, 2018 Nexus Lifecycle
Another remote code execution vulnerability in Apache’s Struts2 Framework was disclosed on August 22, 2018. Everything you need to know and how to find out if you're affected.
Read More...

I Am A Serial Cryptominer: An Open Letter to Software Developers

By Hack Overflow on June 14, 2018 Devops
An open letter to the DevOps community from a cryptocurrency miner.
Read More...

WSJ on Struts: Companies Still Downloading Flaw Linked to Equifax Breach

The Wall Street Journal discusses open-source governance, Struts and how companies are still downloading the flaw that led to the Equifax Breach
Read More...

Eight More Struts Breaches

When using vulnerable versions of the framework, organizations are breached. Everyone knows the Equifax story, but for folks like me who have been paying closer attention, the story also includes the
Read More...

Struts One-Two Punch Knocks Out India

The social security system of India, AADHAAR, was just breached due to a Struts related vulnerability exploited on their website. If you are not familiar with AADHAAR, it offers a 12-digital personal
Read More...