Sonatype Selected by Equifax to Support OS Governance Press Release

blog-logo Sonatype Blog

Nexus Intelligence Insights: CVE-2014-3483 - SQL Injection in PostgreSQL adapter for Active Record against 'range' data type

By Elisa Velarde on March 29, 2019 vulnerability
In this month's Nexus Intelligence Insights we discuss an older component that is used by millions of developers. Say hello to CVE-2014-3483, a SQL injection vulnerability.
Read More...

DevSecOps, Germs, and Steel: Tales from 5,558 Pros

By Derek Weeks on March 04, 2019 vulnerabilities
We queried 5,558 developers and DevOps pros in our 2019 DevSecOps Community Survey (6th annual) to better understand what advances they've made, training they've received, and challenges they've
Read More...

Nexus Intelligence Insights: CVE-2014-3603 — Lack of Hostname Verification in OpenSAML

By Akshay 'Ax' Sharma on February 26, 2019 vulnerability
In this month's Nexus Intelligence Insights we discuss an older component, but one that is widely used across a variety of ecosystems, and has a vulnerability that could be catastrophic. Say hello to
Read More...

Nexus Intelligence Insights - CVE-2017-5662 - Cross-Site Scripting (XSS)

By Elisa Velarde on January 25, 2019 vulnerabilities
Nexus Intelligence Insights - CVE-2017-5662 - Cross-Site Scripting (XSS)
Read More...

Equifax was 100% preventable -- But 18,000 others at risk

By Derek Weeks on December 17, 2018 vulnerabilities
Karpovich reflected on findings from the House report that the breach at Equifax was 100% preventable -- as the vulnerability at the root of the breach was one that had been publicly disclosed days
Read More...

Open Source Software Is Under Attack; New Event-Stream Hack Is Latest Proof

By Brian Fox on November 27, 2018 vulnerabilities
Open source software is under attack, and the malicious attack on the popular npm event-stream 3 package, is just the latest proof.
Read More...

Nexus Intelligence Insights - CVE-2018-10237- Guava Vulnerability

By Elisa Velarde on November 12, 2018 vulnerabilities
Welcome back to Nexus Intelligence Insights
Read More...

A Lesson in Why “Security by Press Release” Is Detrimental

By Akshay 'Ax' Sharma on November 02, 2018 vulnerabilities
Last week news broke about a 3-year old jQuery vulnerability that was just discovered, and had just been patched - sending many into a frenzy. The reality, however, is this is an old vulnerability
Read More...

Introducing Nexus Intelligence Insights

By Elisa Velarde on October 12, 2018 vulnerabilities
Nexus Intelligence Insights
Read More...