Derek Weeks

Sonatype Blog

Following a growing trend in software supply chain attacks which use “dependency or namespace confusion” techniques, I sat down for a discussion on software supply chain security with a few experts on the topic ... Read More

Following the end of 2020 software supply chain attacks on SolarWinds that impacted multiple government agencies and private sector companies, President Biden issued a 2021 executive order  asking for a comprehensive review of all government supply chains ... Read More

If you didn’t know what a software supply chain was - let alone a software supply chain attack - you do now. As someone who’s been researching, studying and talking about this attack vector for the past seven years, the malicious attack on SolarWinds’ Orion leading to public and private ... Read More

An analysis of high performance open source development practices ... Read More

If money “makes the world ’go round” -- then today, software developers are the ones pushing and spinning the globe. Every day developers ensure that digital money (and other financial products and services) is securely routed around the planet as intended. And the happy ones do it best. The financial ... Read More

UPDATE for May 31, 2020: We first published this story over a week ago, but adversaries don't rest. On Friday, Cisco announced that they have discovered SaltStack compromises on six of their salt-master servers - part of the Cisco Internet Routing Lab Personal Edition service infrastructure. This brings the total ... Read More

I’ve now been working from home for 30 days since Maryland closed our public schools and advised its citizens distance themselves. It was also 30 days ago that we had nearly 1,000 executives and managers at State Farm preparing to receive a small group of All Day DevOps speakers for ... Read More

The results are in: happy developers working in teams with mature DevSecOps practices produce more secure software ... Read More

Jez Humble’s (@jezhumble) career has spanned roles through coding, infrastructure, and product development across three continents and organizations of varying sizes. To say he knows a lot about continuous delivery is a total understatement. In 2010, he and Dave Farley literally wrote the book on Continuous Delivery — and if you have ... Read More

Four years ago, my colleague Mark Miller and I founded the All Day DevOps conference with seven friends from around the community. We planned the conference in 90 days and expected 1,000 folks to show up to listen to the 57 speakers we had vetted for the agenda. As it ... Read More