DevSecOps Leadership Forum: 500 Innovators Learning from Shared Experiences

A week ago we hosted the North American DevSecOps Leadership Forum. It was an online event and an amazing experience in which we assembled 500+ software development, application security, and IT operations professionals to share experiences and learn from one another. The purpose of this post is to provide a ...

DevSecOps Leaders: The Conversation Continues Online, May 7th

Over the past several years our team at Sonatype has organized and hosted more than 30 DevSecOps Leadership Forums (DLF) around the world. When we held our very first DLF event, the goal was simple: gather technology innovators from regional business communities to share experiences and learn from one another ...

Sonatype: Fighting COVID-19 Together

The world is facing an unprecedented challenge with communities and economies everywhere affected by the growing COVID-19 pandemic. That's the bad news. The good news, however, is that the entire world -- governments, universities, corporations, health care workers, communities, and individual citizens -- is coming together and sharing resources to ...

The “Big Hack” That Actually Happened – Chinese Military Implicated in Equifax Breach

In October 2018, Bloomberg published an article titled “The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies,” that sent shockwaves around the world. The implication - Chinese spies infiltrated nearly 30 U.S. companies by embedding malicious microchips in Supermicro motherboards. The motherboards, which were presumed to ...

Three DevSecOps Lessons Drawn from Conversations with 45 CISOs

Recently, I moderated round table discussions between dozens of CISOs at Evanta CISO Summits in Chicago and Atlanta. My colleague, Michelle Dufty, moderated a similar event in San Francisco ...

Sonatype Nexus is Rising Above the Swamp

In case you missed it -- our rival JFrog published this blog post on Thursday. Amidst the hyperbole, JFrog made a few statements that are true, and numerous that are rooted in fear mongering, falsehoods and gimmicky marketing tactics. Please, allow me to explain ...

In the Dark About Supply Chain Vulnerabilities

The software supply chain can create a seemingly endless attack surface. Here’s what you can do to better protect it. Is the “Barium” hacking collective Chinese? Russian? North Korean? It really doesn’t matter. What we know for sure is that their tactics are new, pervasive and exceptionally dangerous. Barium’s tactics ...