A Clear Path Forward Toward More Secure and Maintainable Open Source Software
It’s rare to see a community truly come together for the common good, but that’s exactly what happened yesterday within our open source community. We cherished the opportunity to participate in a conversation, led by the Open Source Security Foundation (OpenSSF), where industry, open source foundations, and government all came ...
Why Sonatype is Acquiring MuseDev
Ask any software developer, and they will tell you the truth about two things: conventional code analysis and application security tools are overly noisy and generally not well integrated into the developer workflow. Tools that don’t actually make life easier for developers are perceived as friction and commonly ignored. Rather ...
Why Namespacing Matters in Public Open Source Repositories
Yesterday we saw the disclosure of a report showing how a security researcher was able to successfully infiltrate 35+ name-brand companies, primarily via npm. Ironically, the mechanism used to perpetrate the attack, what’s being called namespace confusion or dependency confusion, is one that I’m quite familiar with and has ...
Dear Bintray and JCenter Users – Here’s What You Need to Know About The Central Repository
If you’re freaking out because JFrog announced it’s sunsetting Bintray and JCenter, and are concerned about moving your Java components into The Central Repository, I want to first and foremost say: don’t worry. We’re here for you and I personally want to make sure you feel prepared for that ...