News and Views - Tagged - Security Boulevard

Top 5 Reasons to join Sonatype’s 2021 DevSecOps Leadership Forum

Connect, learn, and grow in your DevSecOps journey at our 2021 North American DevSecOps Leadership Forum (DLF) taking place May 4, 2021 from 2-4 pm ET. Featuring real stories from eight industry ...

How We’re Staying Connected with Our Channel Partners in a Virtual World

For people like me who thrive on in-person interactions not only personally, but professionally, in my role leading EMEA Partner marketing here at Sonatype, the past year has certainly been trying. We, ...

Meet the Developers Behind Sonatype’s Automated Malware Detection System Securing Open Source Supply Chains

Since we debuted our Advanced Development Pack in late 2020, Sonatype’s discovery of malicious packages infiltrating npm has been making headlines over and over ...

Secure What You Build and Where You Run It: Say Hello to the Infrastructure as Code Pack for Nexus Lifecycle

What is the IaC Pack and Why Should You Care? The Infrastructure as Code Pack is a new add-on to Nexus Lifecycle that enables developers to easily find and fix security vulnerabilities ...

Why Sonatype is Acquiring MuseDev

Ask any software developer, and they will tell you the truth about two things: Conventional code analysis and application security tools are overly noisy and generally not well integrated into the developer ...

Securing Software Supply Chains and Dependency Confusion – An Industry Perspective

Following a growing trend in software supply chain attacks which use “dependency or namespace confusion” techniques, I sat down for a discussion on software supply chain security with a few experts on the ...

White House Releases Executive Order on America’s Software Supply Chains

Following the end of 2020 software supply chain attacks on SolarWinds that impacted multiple government agencies and private sector companies, President Biden issued a 2021 executive order asking for a comprehensive review ...

Sonatype Spots 150+ Malicious npm Packages Copying Recent Software Supply Chain Attacks that Hit 35 Organizations

Just three days ago on February 9th, Sonatype released our findings on Alex Birsan’s research in which he used the “dependency or namespace confusion” technique to push his malicious proof-of-concept (PoC) code ...

Why Namespacing Matters in Public Open Source Repositories

Yesterday we saw the disclosure of a report showing how a security researcher was able to successfully infiltrate 35+ name brand companies, primarily via npm. Ironically, the mechanism used to perpetrate the ...

Dependency Hijacking Software Supply Chain Attack Hits More Than 35 Organizations

Today, news broke that a security researcher managed to breach systems of over 35 tech companies in what has been described as a novel software supply chain attack ...