Industry commentary

WhatsApp Security Flaw Stems from Vulnerable Open Source Library

What Developers Need to Know About WhatsApp’s Recent Security Dilemma

| | application health, AppSec, embedded malicious code, Industry commentary, malware prevention, open source application scan
Last week, reports, like this one from Dark Reading, surfaced a remotely exploitable bug found in Facebook’s popular WhatsApp chat app, that spies on users and specifically targeted human rights groups. Facebook ...
Sonatype Blog

Sonatype Hosts Global Gatherings of DevSecOps Leaders and Innovators

| | Industry commentary, Leadership, News and Views, Post security/devsecops, software innovation, Thought Leaders
The month of October is dedicated to intimate gatherings of DevSecOps professionals, thought leaders, and decision makers in cities across North America and Europe. Participants tell us that these forums and roundtables ...
Sonatype Blog

Security Should Stop Being a Drag

| | AppSec, deployment, Deployment Pipeline, DevSecOps, FEATURED, Industry commentary, Post security/devsecops, shift left
About a year ago during my talk at the Nexus User Conference, and during a Virtual Session for RSA Conference APJ, I mentioned that a pipeline shouldn’t fail just because a security ...
Sonatype Blog

NIST Proposes Standards to Secure Government SDLC

| | component governance, Everything Open Source, government open source software (GOSS), Industry commentary, open source, open source goveranance, Open Source Security
Earlier this Summer, the National Institute of Standards and Technology (NIST), a part of the U.S. Chamber of Commerce, proposed a set of standards to address software supply chain attacks - and ...
Sonatype Blog

Why Software Composition Analysis (SCA) Demands Precision

| | FEATURED, Industry commentary, News and Views, Software Composition Analysis, software innovation, Software Security
As leaders in software composition analysis (SCA), we know its role throughout today’s software supply chain. SCA was born out of necessity. How else could innovators discover, identify, and track open source ...
Sonatype Blog

Using Process Oriented Design (POD) to Increase the Dependability of DevOps Processes

| | DEVOPS, Enterprise DevOps, Industry commentary, News and Views, Process Oriented Design (POD)
For many users, software often isn’t really appreciated until something breaks. Constant availability is an expectation, but, of course, 100% availability isn’t really a reality. When high-profile systems, like Netflix or AWS ...
Sonatype Blog

GDPR Gets Teeth: British Airways and Marriott Fined

| | DevSecOps, FEATURED, GDPR, Industry commentary, News and Views
Yesterday the UK’s Information Commissioner Office proposed record setting fines under GDPR for £183 million to British Airways, followed by today’s announcement of a proposed £99 million fine to Marriott International following ...
Sonatype Blog

Developers: We Must Evolve

| | DEVOPS, DevSecOps, Industry commentary, News and Views
Chris Roberts (@sidragon1), currently the Chief Security Strategist at Attivo Networks, really stood out last year at All Day DevOps. You really just have to watch his session, below, to truly appreciate ...
Sonatype Blog
DevOps and Compliance can have separate agendas

Continuous Compliance and DevOps

| | Industry commentary, News and Views, OSS compliance
Security, Compliance, and DevOps walk into a pipeline... Okay, I don’t have a joke that starts out that way. But, then again, this isn’t a joke - this is reality and something ...
Sonatype Blog