open source risk
Hijacked npm Package Attempts to Deliver PolinRider-Linked RAT
Sonatype Security Research Team | | embedded malicious code, malicious code npm, npm, open source risk, open-source malware, Sonatype Guide, Threat
Attackers do not need to wait for a CVE when they can publish directly into the build ...
Managing Open Source Software Risks With the HeroDevs EOL Dashboard
Aaron Linskens | | dashboard, dependencies, open source, open source risk, open source risk management, risk management, secure software supply chain, Sonatype Lifecycle
Modern software delivery runs on open source. But as dependency graphs expand and application lifecycles stretch across years, end-of-life (EOL) components are becoming a structural security challenge ...
OWASP Top 10: Application Security Meets AI Risk
Aaron Linskens | | AI, Application Security, open source, open source risk, owasp, OWASP Top 10, risk
The OWASP Top 10 has long served as a reality check for development teams: a concise, community-driven snapshot of the most critical web application security risks organizations face today ...
Future-Proofing Your Software Supply Chain with SCA Best Practices
Aaron Linskens | | Application Security, Automation, open source, open source risk, open source risk management, shift left, Software Composition Analysis
Open source software (OSS) is the backbone of modern software development, empowering industries from finance and healthcare to government and technology to innovate faster and reduce costs. However, this widespread adoption brings ...
Secure mobile applications with Dart, Flutter, and Sonatype
Aaron Linskens | | Application Security, dependencies, mobile application, open source risk, Secure Coding
The Dart programming language and the Flutter framework are gaining traction among developers looking to build fast, reliable, cross-platform applications ...
Open Source Security Incidents and How Organizations Can Respond
rezilion | | open source, open source risk, Open Source Security, open source vulnerabilities, Uncategorized
Attacks that leverage vulnerabilities in open source software are on the rise. How security teams respond to these incidents is key to what impact they will ultimately have. Oftentimes the attacks stemming ...
Security Teams Need to Address One of the Biggest Software Supply Chain Risks: Open Source
rezilion | | open source, open source risk, Open Source Security, open source vulnerabilities, rsa, software supply chain, software supply chain risk, Uncategorized
One of the biggest threats to software supply chain security is open source software applications and components. Many enterprises and small businesses have come to rely on open source solutions, and they ...
Rezilion Report Finds World’s Most Popular Generative AI Projects Present High Security Risk
rezilion | | generative AI, large language models, open source, open source risk, Open Source Security, Uncategorized
NEW YORK, June 28, 2023 – Rezilion, an automated software supply chain security platform, today announced a new report, “Expl[AI]ning the Risk: Exploring the Large Language Models (LLM) Open-Source Security Landscape,” finding ...
‘Trojan Source’ Makes Scary Headlines—But it’s Not New
Richi Jennings | | Clearly not an issue for real developers as its not like they would copy and paste code off stackoverflow, open source risk, SB Blogwatch, Software Supply Chains, Trojan Source bug
Trojan Source “threatens the security of all code,” screams a widely shared article. Poppycock. There’s nothing new here ...
It Pays to Discover Sonatype
Katie McCaskey | | 2019 State of the Software Supply Chain Report, open source, Open Source Governance, open source risk, open source software supply chain, Post security/devsecops
The name of the presentation says it all: Procure Secure Components Faster with Superior Developer Experience. So announced Karthik Loganathan and Sheshagiri (Giri) Rao of Discover at the annual DevOps World | ...