The No-Fix Mediums? Not Having a High Priority Doesn’t Mean Low Danger
Development teams are using more and more open source component software every day. These components are developed and maintained outside of your organization, and are often analyzed by researchers and the software community. When a flaw or coding mistake is found that could be exploited, it’s published as a vulnerability ...
Open source licensing shift: Fedora blocks Creative Commons CC0
Even organizations that are fully dedicated to software development don’t want to spend their time and competitive energy chasing software compliance. But ignoring changing legal requirements is dangerous ...
How to Manage Your Open Source Licenses in 2022
Organizations are absorbing a huge amount of open source component software. These tools come with unique requirements that are becoming unwieldy to resolve. Companies are asking for problems both by allowing licenses they should not and by not fulfilling the requirements of those licenses. You need automation to help manage ...
Major Government Attack Highlights How Log4j is Still Unresolved
News of a major exploit using the Log4j vulnerability four months after its disclosure has been a painful reminder that the issue is still a serious problem. Reports are now linking China’s APT41 hacking group with breaching at least 6 U.S. state government networks, and the situation may go from ...
Open source and diversity in tech: Women@Sonatype
There is proven value in hiring a diverse workforce; doing so benefits both company performance and your bottom line. An October 2021 Gartner survey highlights diversity as a top human resource concern in 2022. Today, in honor of International Women’s Day, part of Women’s History Month, we’re talking to ...
A Non-Programmer Introduction to the Software Supply Chain (Electron)
A topic that comes up frequently at Sonatype is something called the “software supply chain.” The term is based on how supply companies send parts to manufacturers who assemble them into things like cars, laptops, and musical instruments. This “chain” is an important focus because the connected links of a ...
Software Supply Chains: an Introductory Guide
The vast majority of developers today don’t develop software from the ground up and instead rely on third-party resources when creating software. By using pre-built libraries and open source components, engineers can expedite development and reduce production costs, bringing products to market faster ...
Are You Still Wondering About Dependency Confusion Attacks?
Recently, the Biden White House released an Executive Order detailing new requirements to address cybersecurity and secure software development as it relates to national security. This order addresses a variety of issues on detection, reporting, remediation, and standards, including the increasing attacks on software supply chains. However, one recent and ...