Almost two years ago, President Biden’s Executive Order 14208, “Improving the Nation’s Cybersecurity,” was signed. This major step toward regulating the software supply chain in the US was spurred by the software ...
Around this time last year, InfoWorld called 2022 the “year of software supply chain security.” Unfortunately, one year later still feels very much like we’re back at the beginning. Our data ...
Companies are made up of what they build, borrow, and buy. On the software development front, Sonatype’s tools help with two major issues: what you build (software) and borrow (open source code) ...
It’s rare to see a community truly come together for the common good, but that’s exactly what happened yesterday within our open source community. We cherished the opportunity to participate in a ...
There is proven value in hiring a diverse workforce; doing so benefits both company performance and your bottom line. An October 2021 Gartner survey highlights diversity as a top human resource concern ...
Contributing to open source software is beneficial to a business, its developers, and the open source software (OSS) packages they rely on. By giving back, a company can be confident the foundational ...
A topic that comes up frequently at Sonatype is something called the “software supply chain.” The term is based on how supply companies send parts to manufacturers who assemble them into things ...
The vast majority of developers today don’t develop software from the ground up and instead rely on third-party resources when creating software. By using pre-built libraries and open source components, engineers can expedite ...
Cloudflare has patched a critical vulnerability in its open source content delivery network, CDNJS. The issue threatened the security, integrity, and availability of the wider supply chain ...
Another SolarWinds? The Latest Software Supply Chain Attack on 3CX
Cyber-readiness and Changing Federal Government SBOM Requirements
2023 Predictions: What Will Happen in Software Supply Chain Governance?
Setting Boundaries: How Procurement Relates to Security (Part 1)
A Clear Path Forward Toward More Secure and Maintainable Open Source Software
Open source and diversity in tech: Women@Sonatype
Why Companies Should Contribute to Open Source – and How to Do It
A Non-Programmer Introduction to the Software Supply Chain (Electron)
Software Supply Chains: an Introductory Guide
This npm Package Could Have Brought Down Cloudflare’s Entire CDN and Millions of Websites