Press Release: Sonatype Selected by Equifax to Support OS Governance

Sonatype Blog

Nexus Intelligence Insights January 2019

By Elisa Velarde on January 25, 2019. Tagged: Nexus Intelligence

Happy New Year!

To kick off 2019 we will be covering a vulnerability that is complex in context. All developers are aware of the varieties of privilege


Equifax was 100% preventable -- But 18,000 others at risk

By Derek Weeks on December 17, 2018. Tagged: OSS governance

Earlier today, Sonatype's Bill Karpovich appeared on Fox Business News to discuss the recent House report on the Equifax breach published by the Energy and


Open Source Software Is Under Attack; New Event-Stream Hack Is Latest Proof

By Brian Fox on November 27, 2018. Tagged: event-stream

Earlier this year, I detailed a new battlefront for open source software based on the fact that bad actors are increasingly polluting public wells like npm


Welcome back to Nexus Intelligence Insights

By Elisa Velarde on November 12, 2018. Tagged: vulnerabilities

Welcome back to Nexus Intelligence Insights.

This month, we’re covering a vulnerability type that, until recently, has flown a bit under the radar:


A Lesson in Why “Security by Press Release” Is Detrimental

By Akshay 'Ax' Sharma on November 02, 2018. Tagged: jQuery

Last week “news” broke about a 3-year-old jQuery vulnerability that was just discovered, and had just been patched. On the surface, it sounded like a big


Introducing Nexus Intelligence Insights

By Elisa Velarde on October 12, 2018. Tagged: Nexus Intelligence

Open Source vulnerabilities are an unfortunate fact of life. Vulnerable Open Source component downloads are up 12% over last year, and breaches involving


5 Things You Need to Know About Open Source Components

You can't get away from it. Thousands of open source components are being used in every industry, every day, to quickly build and deploy applications. For


4 Open Source Components You Need to Update Right Now

Heartbleed has put the security community on notice: it is time to take a harder look at the security status of open source components and frameworks. After