CVE-2023-50164: Another vulnerability in the widely used Apache Struts2 component

Yet another remote code execution vulnerability in Apache’s Struts2 Framework has been discovered, leaving many with strong feelings of déjà vu. If you're a developer, it's not unreasonable to be concerned about how you may spend the final weeks of 2023 ...

What goes great with SLSA? Sonatype.

In our previous blog post, we delved into the critical role of SLSA in bolstering software supply chain security. Shifting the focus, this post centers on the seamless compatibility between SLSA and Sonatype products, highlighting the powerful synergy that can enhance your software security efforts ...

How can SLSA help secure your software supply chain?

The best software development teams are constantly looking for ways to secure their software supply chains, ensuring the authenticity and quality of open source software components they consume. Just as food products should have a set of safety guidelines to ensure the ingredient list is credible and untampered, software products ...

How the SEC charges against SolarWinds highlight the cybersecurity liability of software companies

On October 30, 2023, the Securities and Exchange Commission (SEC) filed a civil complaint against SolarWinds Corporation and its chief information security officer, Timothy G. Brown, for violating federal securities laws by making false and misleading statements about its cybersecurity practices and known risks ...

How manufacturing best practices can improve open source consumption and software supply chains

The biggest problem facing software organizations today is an inability to track, monitor, and improve the usage of open source software. This isn’t about security alone. From DevOps to DevSecOps, there are fundamental principles that the best development teams use to guide open source software consumption. Many of these best ...