If you didn’t know what a software supply chain was - let alone a software supply chain attack - you do now. As someone who’s been researching, studying and talking about this ...
In the past week the US Treasury, US Department of Commerce and cybersecurity company FireEye experienced breaches tied to their reliance on software supply chains and a compromise of a SolarWinds software ...
Just months after Octopus Scanner was caught infecting 26 open-source projects on GitHub, new reports have already surfaced of another, new sophisticated malware infection. Gitpaste-12, a worming botnet, is extremely versatile in ...
Today, application attacks and breaches are often the result of easily exploited – and easily rectified – open source vulnerabilities. While we hope companies would self-regulate their cybersecurity hygiene in our software ...
This Spring, the National Institute of Standards and Technology (NIST), released updated recommendations (.pdf) to improve software resilience against vulnerabilities. This builds on an earlier, four-part framework released last year. As the ...
In my last post, Jenkins X — Managing Jenkins, I talked about how we manage our Jenkins server. This time around, I’ll be looking at the Nexus server and how it too ...
In the last few years, we’ve continuously been hearing that we should automate, automate, automate. So it might be weird to hear that manual verification still matters. Jeroen Willemsen explains to us ...
“Equality is not a women's issue, it's a business issue.” -- International Women’s Day website International Women’s Day began in America in 1911; today, millions of people around the globe mark March ...
If you've been immersed in the Node.js/JavaScript community for awhile, or even if you are just getting started, you are likely using npm audit to scan package dependencies in your projects. It's ...
Sonatype is a distributed workforce. Most of us work remotely, and we are hiring. But before you apply, do you know what it means to work on such a team? ...
The SolarWinds Software Supply Chain Attack: How Developers Can Protect Applications
Tracing the SolarWinds exploit upstream
Gitpaste-12: A dozen exploits that silently lived on GitHub, attacked Linux servers
Turkish Banking Agency Mandates Better Software Supply Chain Hygiene
NIST: Adopt a Secure Software Development Framework (SSDF) to Mitigate Risk of Software Vulnerabilities
Managing Nexus API Using Jenkins X
Why Manual Verification Still Matters
“Each for Equal”: 2020 International Women’s Day Theme Resonates in DevSecOps Because It Is a Business Issue
Beyond npm Audit to Traverse an Increasingly Complex Dependency Tree
For Distributed Teams, It’s Not All About the Tools