Streamline your SBOM management with SBOM Manager

Modern software development means applications are woven from diverse components sourced from in-house development, open source repositories, and external vendors. Keeping track of all these dependencies is becoming more critical as governments ...

Secure Software Development Attestation Form: Sonatype helps you comply

On March 11, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) unveiled the final version of the Secure Software Development Attestation Form. This pivotal ...

What are SBOM standards and formats?

The growing importance of software bills of materials (SBOMs) marks a significant shift towards better transparency and security in software management ...

Women in cybersecurity: On the shoulders of giants

$11.5 trillion - the Gross Domestic Product (GDP) of the world's third-largest economy after the United States and China. However, this is not a country. It's the estimated cost of cybercrime to ...

Embracing the AI revolution: Navigating the impact on developers

In the wake of transformative advancements in generative artificial intelligence (AI) and machine learning (ML), the landscape of software development is undergoing a significant shift ...

A demand for real consequences: Sonatype's response to CISA's Secure by Design

In the fast-changing fields of cybersecurity and software development, creating secure software is more crucial than ever. Recently, my colleagues and I at the Open Source Security Foundation (OpenSSF) ...

How the SEC charges against SolarWinds highlight the cybersecurity liability of software companies

On October 30, 2023, the Securities and Exchange Commission (SEC) filed a civil complaint against SolarWinds Corporation and its chief information security officer, Timothy G. Brown, for violating federal securities laws by ...

How manufacturing best practices can improve open source consumption and software supply chains

The biggest problem facing software organizations today is an inability to track, monitor, and improve the usage of open source software. This isn't about security alone. From DevOps to DevSecOps, there are ...

Introducing our 9th annual State of the Software Supply Chain report

In our fast-paced digital world, striving for excellence is an ongoing journey marked by the relentless pursuit of innovation, efficiency, and a focus on the essential contributors: the developers. Our 9th annual ...

Unlocking the power of generative AI in software development: Insights from Sonatype's survey

Over the past year, generative artificial intelligence (AI) rapidly emerged as a game-changing technology, similar to the disruptive force of cloud computing in the 2000s. As often happens during the initial phases ...