Sonatype Selected by Equifax to Support OS Governance Press Release

Sonatype Blog

Equifax was 100% preventable -- But 18,000 others at risk

By Derek Weeks on December 17, 2018 (vulnerabilities)

Earlier today, Sonatype's Bill Karpovich appeared on Fox Business News to discuss the recent House report on the Equifax breach published by the Energy and


House Oversight Report: Equifax Open Source Breach Was Entirely Preventable

By Matt Howard on December 10, 2018 (devsecops)

This afternoon, the House Oversight Committee issued a report stating that the Equifax breach was entirely preventable with basic open source security

How to Keep Vulnerable Versions of Struts Out of Your Nexus Repository

By Christopher Tolo on August 24, 2018 (Nexus Lifecycle)

When a new vulnerability is discovered in Apache Struts I am often asked by our customers, “Can I create a Firewall Policy in Nexus IQ Server to block all


Deja Vu All Over Again - Another New Apache Struts Vulnerability (CVE-2018-11776)

By Brian Fox on August 23, 2018 (Nexus Lifecycle)

Another remote code execution vulnerability in Apache’s Struts2 Framework was disclosed late yesterday - leaving many feeling like they’re having Deja Vu.


I Am A Serial Cryptominer: An Open Letter to Software Developers

By Hack Overflow on June 14, 2018 (Devops)

Gluttony: (Latin: gula, derived from the Latin gluttire meaning "to gulp down or swallow") means over-indulgence and over-consumption of food, drink, or


WSJ on Struts: Companies Still Downloading Flaw Linked to Equifax Breach

This morning, Kate Fazzini of The Wall Street Journal wrote an article titled “Companies Still Downloading Flaw that Led to Equifax Breach,” dissecting new


Eight More Struts Breaches

Earlier today, Robert Hackett at Fortune published an eye-opening report on the number of organizations who continue to download known vulnerable open


Struts One-Two Punch Knocks Out India

The social security system of India, AADHAAR, was just breached due to a Struts related vulnerability exploited on their website. If you are not familiar


Fooled twice by the same open source problem? Shame on you. The data behind CVE-2017-8046.

By Brian Fox on March 07, 2018 (known vulnerability)

Organizations keep software applications safe, not by chance, but by preparation. Record breaking exploits in 2017 suggest that companies were simply not