Luke Mcbride
Sonatype Blog

Another SolarWinds? The Latest Software Supply Chain Attack on 3CX

Another SolarWinds? The Latest Software Supply Chain Attack on 3CX

| | AppSec, Industry commentary, News and Views, open source, software supply chain
  ... Read More
Sonatype Blog
Visualize Your Open Source Governance With BOM Doctor

Visualize Your Open Source Governance With BOM Doctor

| | BOM Doctor, Open Source Tools, SBOM, sdlc, secure software supply chain
  ... Read More
Sonatype Blog
What is Hashing? A Look at Unique Identifiers in Software

What is Hashing? A Look at Unique Identifiers in Software

| | hashing, Open Source Security, secure software supply chain
  ... Read More
Sonatype Blog
Comparing SBOM Standards: SPDX vs. CycloneDX

Comparing SBOM Standards: SPDX vs. CycloneDX

| | CycloneDX, SBOM, software bill of materials, software supply chain automation, SPDX, SWID
In our 8th Annual State of the Software Supply Chain Report, we detailed upcoming government regulation coming to protect national interests globally. Because software is frequently built from third-party open source components, one key effort is tracking and managing those components ... Read More
Sonatype Blog
Project Highlights for World Open Source Day: My Open Source Tools

Project Highlights for World Open Source Day: My Open Source Tools

| | Everything Open Source, News and Views, Open Source Tools, World Open Source Day
  ... Read More
Sonatype Blog
Dependency Management: Versions Choice and the Software Supply Chain

Dependency Management: Versions Choice and the Software Supply Chain

| | open source, secure software supply chain
  ... Read More
Sonatype Blog

2023 Predictions: What Will Happen in Software Supply Chain Governance?

| | Industry commentary, News and Views, software supply chain
Around this time last year, InfoWorld called 2022 the “the year of software supply chain security.” Unfortunately, one year later still feels very much like we’re back at the beginning. Our data shows software supply chain attacks are on a radical incline, increasing an average of 742% yearly since 2019 ... Read More
Sonatype Blog

How does Developer Morale Affect My Software Supply Chain?

| | DevSecOps, Post developers/devops, State of the Software Supply Chain, survey
Most leaders know that happier employees can mean improved retention, which means less money chasing, hiring, and training new talent. As such, most companies see a clear connection between improved employee morale and business outcomes ... Read More
Sonatype Blog

5 Key Open Source Security Risks and How to Prevent Them

| | Nexus Lifecycle, open source security risks, OSS security, shift left
  ... Read More
Sonatype Blog

Perception Versus Reality: a Data-Driven Look at Open Source Risk Management

| | Events and Webinars, News and Views, open source, Post developers/devops, vulnerability
On October 18th, 2022, Sonatype published the 8th Annual State of the Software Supply Chain. The report is our ongoing contribution to a growing body of knowledge and software development using third-party open source software. One of the report’s primary authors and VP of Product Innovation Dr. Stephen Magill presented ... Read More
Sonatype Blog