2021 State of the Software Supply Chain: Open Source Security and Dependency Management Take Center Stage

Over the past year, COVID-19 fundamentally transformed how people live and work, how companies interact with customers, how customers shop and buy, and how physical and digital supply chains function. As the economic importance of digital innovation accelerated during the global pandemic, so too did the number of cyber-attacks aimed ...

Kaseya Ransomware: a Software Supply Chain Attack or Not?

Following the 4th of July weekend, our industry finds itself digesting the details of yet another large-scale and high-profile ransomware attack. This time it's the exploitation of Kaseya’s network monitoring and remote management software. First surfacing on Friday afternoon July 2nd, 2021, this story quickly spread over the weekend in ...

What Does NIST’s Definition of Critical Software Mean to You?

On May 12th, President Biden signed the 2021 Cybersecurity Executive Order (EO). Since then, I’ve thought a lot about what it really means for federally focused sellers and buyers of software and how it might practically improve the security of applications and strengthen our nation's cyber defenses. During this time ...

Biden’s Executive Order on Improving National Cyber Defense: Everything You Need to Know You Learned in Kindergarten

On May 12, 2021, the Biden Administration issued its much anticipated Executive Order (EO) on Improving the Nation’s Cybersecurity ...

Biden Executive Order on Cybersecurity Calls for Enhanced Software Supply Chain Security

The newly minted, and highly anticipated, Cybersecurity Executive Order from President Biden marks the strongest stance ever taken by the Federal government in an attempt to secure our nation’s software supply chains from attack. For the first time in history, any company that sells software to the federal government will ...

Sonatype + Muse: How Improved Code Quality Complements Enterprise SAST

Tags: Fortify, MuseDev, Product, SAST

Last month Sonatype announced the acquisition of MuseDev, an innovative code analysis platform that does three things remarkably well: ...

DevSecOps Leadership Forum: 500 Innovators Learning from Shared Experiences

A week ago we hosted the North American DevSecOps Leadership Forum. It was an online event and an amazing experience in which we assembled 500+ software development, application security, and IT operations professionals to share experiences and learn from one another. The purpose of this post is to provide a ...

DevSecOps Leaders: The Conversation Continues Online, May 7th

Over the past several years our team at Sonatype has organized and hosted more than 30 DevSecOps Leadership Forums (DLF) around the world. When we held our very first DLF event, the goal was simple: gather technology innovators from regional business communities to share experiences and learn from one another ...

Sonatype: Fighting COVID-19 Together

The world is facing an unprecedented challenge with communities and economies everywhere affected by the growing COVID-19 pandemic. That's the bad news. The good news however is that the entire world -- governments, universities, corporations, health care workers, communities, and individual citizens -- are coming together and sharing resources to ...

The “Big Hack” That Actually Happened – Chinese Military Implicated in Equifax Breach

In October 2018, Bloomberg published an article titled “The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies,” that sent shockwaves around the world. The implication: Chinese spies infiltrated nearly 30 U.S. companies by embedding malicious microchips in Supermicro motherboards. The motherboards, which were presumed to ...