Hot Topics

Brian Fox
Sonatype Blog

A demand for real consequences: Sonatype's response to CISA's Secure by Design

A demand for real consequences: Sonatype’s response to CISA’s Secure by Design

| | CISA best practices, Cybersecurity, government, News and Views, Thought Leaders
In the fast-changing fields of cybersecurity and software development, the importance of creating secure software is more crucial than ever. Recently, my colleagues and I at the Open Source Security Foundation (OpenSSF) finalized a response to the latest Secure by Design RFC from the Cybersecurity and Infrastructure Security Agency (CISA) ... Read More
Sonatype Blog
White House National Cybersecurity Strategy: Landmark Action for a Critical Threat

White House National Cybersecurity Strategy: Landmark Action for a Critical Threat

| | Cybersecurity, FEATURED, government, News and Views, software supply chain
The last decade has seen increased reliance on software across every part of our lives. In parallel, we’ve seen a massive increase in attacks on this digital infrastructure, causing harm to financial markets, hospitals, and ultimately human lives. While there has been an increasing understanding within the software industry of ... Read More
Sonatype Blog
election CISA risk CMMC Understanding the Power of SOAR for Government

Innovation at the Expense of Cybersecurity? No More!

| | cisa, Cybersecurity, homeland security, Innovation
Earlier this month, Jen Easterly and Eric Goldstein of the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security signaled a major shift in the federal government’s approach to cybersecurity risk and responsibility.  In their Foreign Affairs article Stop Passing the Buck on Cybersecurity, Easterly and Goldstein ... Read More
Security Boulevard
Is Cyber Liability Insurance a Moral Hazard in the US?

Is Cyber Liability Insurance a Moral Hazard in the US?

| | cyber liability insurance, Cyberliability, FEATURED, News and Views, secure software supply chain
  ... Read More
Sonatype Blog

Make Sure Your Company is Prepared for Evolving Liability Regulations

| | FEATURED, Liability Regulation, News and Views, Nexus Platform, software liability, Thought Leaders
  ... Read More
Sonatype Blog
The Shifting Landscape of Open Source Supply Chain Attacks - Part 3

The Shifting Landscape of Open Source Supply Chain Attacks – Part 3

| | agile development, FEATURED, News and Views, Open Source Security, secure software supply chain, Thought Leaders, Vulnerabilities
  ... Read More
Sonatype Blog
The Shifting Landscape of Open Source Supply Chain Attacks - Part 2

The Shifting Landscape of Open Source Supply Chain Attacks – Part 2

| | FEATURED, heartbleed, Log4j, News and Views, secure software supply chain, shellshock, Supply Chain Attacks, Thought Leaders
  ... Read More
Sonatype Blog
The Shifting Landscape of Open Source Supply Chain Attacks - Part 1

The Shifting Landscape of Open Source Supply Chain Attacks – Part 1

| | FEATURED, News and Views, secure software supply chain, Thought Leaders
  ... Read More
Sonatype Blog

EU Cyber Resilience Act: Good for Software Supply Chain Security, Bad for Open Source?

| | EU Cyber Resilience Act, News and Views, open source, Open source governances, SBOM, secure software supply chain
  ... Read More
Sonatype Blog

A Clear Path Forward Toward More Secure and Maintainable Open Source Software

| | FEATURED, Industry commentary, News and Views, OpenSSF
It’s rare to see a community truly come together for the common good, but that’s exactly what happened yesterday within our open source community.  We cherished the opportunity to participate in a conversation, led by the Open Source Security Foundation (OpenSSF), where industry, open source foundations, and government all came ... Read More
Sonatype Blog