Sonatype Selected by Equifax to Support OS Governance Press Release


Steps to Responsible Disclosure with Bas van Schaik, Man Yue Mo and Brian Fox

By Mark Miller on March 20, 2018 struts2

On March 1, 2018, the team at Semmle announced a critical vulnerability in the Pivotal Spring framework. The vulnerability was found by security researcher


Struts2 Exploited Again.  Did Anyone Bother to Tell You?

By Brian Fox on March 10, 2017 oss

This week we saw the announcement of yet another Struts 2 Remote Code Exploit (RCE) vulnerability. What's notable about this instance is that POC code seems


Did you wake up to an alert about the Java Deserialization vulnerability?

By Brian Fox on November 13, 2015 oss

This week I woke up to find several emails from Nexus Lifecycle indicating that the products in my portfolio were potentially vulnerable due to their