Four Common Security Acronyms Explained

Editor’s Note: This is the first in a series of posts about the 2020 DevSecOps Reference Architecture developed by DJ Schleen. In this series DJ explains various parts of the pipeline architecture ...

Gartner: You Must Assess Overall Software Health and Welfare

Gartner’s recent report Technology Insight for Software Composition Analysis, makes four open-source security recommendations that companies should think about when determining what type of software composition analysis program they want to have ...
OSS for enterprises: Procure Secure Components Faster with Superior Developer Experience

It Pays to Discover Sonatype

The name of the presentation says it all: Procure Secure Components Faster with Superior Developer Experience. So announced Karthik Loganathan and Sheshagiri (Giri) Rao of Discover at the annual DevOps World | ...

A More Secure Web Needs Developers, Defenders, Advocates, and OSS

How’s that deodorant of yours working? If you wanted to hear yesterday’s presentation you had to crowd in, close -- it was standing room only. Sonatype’s Derek Weeks (@weekstweets) presented at Global ...

What Toyota Unlocked Decades Ago Drives Software Supply Chain Management Today

What secrets did Toyota unlock decades ago that drive the success of today’s software supply chain? Sonatype’s Matt Howard explained during a chat with Dave Bittner on an episode of The CyberWire ...

Free Software, But No Free Lunch

“This is a very important issue. Enterprises are not taking necessary precautions,” our SVP of Strategy and Corporate Development, Bill Karpovich, noted when talking about Fortune 100 cybersecurity ...

PyPi ‘Cheese Shop’ Malware Illustrates Software Supply Chain Risk Vector

Recent malware installed in PyPI underscores the need for code verification at the code repository level to defend the software supply chain ...

A World of Infinite Choice in Open Source Software

We recently released the fifth annual State of the Software Supply Chain Report in London. This year, we worked with Gene Kim and Dr. Stephen Magill to examine our largest data sample ...

What 36,000 OSS Projects and 12,000 Commercial Dev Teams Taught Us About Secure Coding Practices

After ten months of research which involved studying 36,000 open source software projects, 12,000 enterprise development teams, and 3.7 million open source releases, we are pleased to announce the arrival of the ...