Vor Security brings OSS Index to Sonatype

By Brian Fox on June 29, 2017 vulnerability

2 minute read time

Vor Security acquisition, extended language coverage, ossindex.net

Struts2 Exploited Again. Did Anyone Bother to Tell You?

By Brian Fox on March 10, 2017 oss

5 minute read time

This week I woke up to find several emails from Nexus Lifecycle indicating that the products in my portfolio were potentially vulnerable due to their inclusion of Apache commons-collection. If you


Did you wake up to an alert about the Java Deserialization vulnerability?

By Brian Fox on November 13, 2015 oss

4 minute read time

This week I woke up to find several emails from Nexus Lifecycle indicating that the products in my portfolio were potentially vulnerable due to their inclusion of Apache commons-collection. If you


Nigel’s Wake-up Call: Scaling Open Source Governance

3 minute read time
