Managing Open Source Software Risks With the HeroDevs EOL Dashboard
Modern software delivery runs on open source. But as dependency graphs expand and application lifecycles stretch across years, end-of-life (EOL) components are becoming a structural security challenge ...
Building Trusted AI Development With Kiro and Sonatype Guide
AI-powered development tools accelerate the production of software. But they also introduce a familiar challenge: how do you ensure that what's generated is secure, compliant, and trustworthy? ...
How to Build a Software Supply Chain Security Playbook
In the first post in this series, we looked at why software supply chain risk has become a growing security challenge. Modern applications depend on sprawling ecosystems of open source packages, automated pipelines, cloud infrastructure, and AI-assisted tooling — all of which expand the attack surface ...
The Evolution of Open Source Malware: From Volume to Trust Abuse
Open source malware is no longer just a numbers game. What was once largely a volume problem — thousands of malicious packages flooding public registries through typosquatting, brandjacking, and low-effort deception — has become something more precise and dangerous ...
The Mythos AI Vulnerability Storm: What to Do Next
AI is transforming both software development and software risk ...
Why Developer Experience Is the Foundation of DevSecOps Success
Application security is evolving. But for many organizations, execution still lags behind intent ...
The Time Is Now to Prepare for CRA Enforcement
When the EU Cyber Resilience Act (CRA) was introduced into law in 2024, it represented one of the most significant regulatory shifts we've seen anywhere in the world with implications for how organizations build, ship, and maintain software. It establishes cybersecurity requirements for hardware and software products sold within the ...
Why Software Supply Chain Security Requires a New Playbook
Software is being built faster than ever, but application security has not kept up ...
Modernizing Nexus Repository: Moving Beyond OrientDB
If you're running Sonatype Nexus Repository or Sonatype Nexus Repository Community Edition (formerly known as Nexus Repository OSS) on OrientDB, you're operating on a legacy database architecture that is no longer aligned with current security and platform requirements ...
AI, DevSecOps, and the Future of Application Security: The Gartner® Report
Even as organizations recognize the importance of application security, most still struggle to operationalize it at scale. That gap becomes harder to ignore as development accelerates, AI becomes embedded in workflows, and software supply chains grow more complex ...