It’s rare to see a community truly come together for the common good, but that’s exactly what happened yesterday within our open source community. We cherished the opportunity to participate in a ...
There is proven value in hiring a diverse workforce; doing so benefits both company performance and your bottom line. An October 2021 Gartner survey highlights diversity as a top human resource concern ...
Contributing to open source software is beneficial to a business, its developers, and the open source software (OSS) packages they rely on. By giving back, a company can be confident the foundational ...
A topic that comes up frequently at Sonatype is something called the “software supply chain.” The term is based on how supply companies send parts to manufacturers who assemble them into things ...
The vast majority of developers today don’t develop software from the ground up and instead rely on third-party resources when creating software. By using pre-built libraries and open source components, engineers can expedite ...
Cloudflare has patched a critical vulnerability in its open source content delivery network, CDNJS. The issue threatened the security, integrity, and availability of the wider supply chain ...
Following the 4th of July weekend, our industry finds itself digesting the details of yet another large-scale and high-profile ransomware attack. This time it’s the exploitation of Kaseya’s network monitoring and remote ...
On May 12th, President Biden signed the 2021 Cybersecurity Executive Order (EO). Since then, I’ve thought a lot about what it really means for federally focused sellers and buyers of software and ...
A major buzzword passed around this year is the term “zero trust.” As with similar phrases that have come before, there are different definitions depending on who you ask and what area ...
Recently, the Biden White House released an Executive Order detailing new requirements to address cybersecurity and secure software development, as it relates to national security. This order addresses a variety of issues ...
A Clear Path Forward Toward More Secure and Maintainable Open Source Software
Open source and diversity in tech: [email protected]
Why Companies Should Contribute to Open Source – and How to Do It
A Non-Programmer Introduction to the Software Supply Chain (Electron)
Software Supply Chains: an Introductory Guide
This npm Package Could Have Brought Down Cloudflare’s Entire CDN and Millions of Websites
Kaseya Ransomware: a Software Supply Chain Attack or Not?
What Does NIST’s Definition of Critical Software Mean to You?
How Does Securing the Software Supply Chain Fit the DoD CIO Zero Trust Architecture?
Are You Still Wondering About Dependency Confusion Attacks?