Enter the WasmForge: Compiling Sliver into WebAssembly

In our last post we used a Claude skill to systematically beat down VirusTotal detection rates on offensive security tools, with a brief mention of a new loader we’d been using to ...
Open Source Is Free. Until Someone Comes to Collect.

By Jacqueline Winter, CFO & CISO, ActiveState

Finance has a long history of discovering that the liabilities nobody tracked were the ones nobody paid for ...
Adversarial Oracles: LLM-Guided EDR Signature Reduction

In previous blog posts we’ve talked about getting nerd sniped. Today we’re going to talk about a kind of nerd sniping that any offensive security tool creator is familiar with; when your ...
The Liability Nobody Put on the Balance Sheet

By Jacqueline Winter, CFO & CISO, ActiveState

Most organizations have detailed processes for approving financial instruments they take onto their books. Open source software does not ...
Your Outdated Repository Still Works, But It May Not Be Safe

Repositories have long served as the backbone of software infrastructure, sitting between developers, CI/CD pipelines, public registries, and production releases. Today, the most sophisticated attackers have set their sights on developers ...
Your CISO Cannot Answer the Question Your CFO Is About to Ask

By Jacqueline Winter, CFO & CISO, ActiveState

AI-assisted development created an accountability gap that most security leaders cannot fill. The regulatory and ...
Managing Open Source Software Risks With the HeroDevs EOL Dashboard

Modern software delivery runs on open source. But as dependency graphs expand and application lifecycles stretch across years, end-of-life (EOL) components are becoming a structural security challenge ...
Building Trusted AI Development With Kiro and Sonatype Guide

AI-powered development tools accelerate the production of software. But they also introduce a familiar challenge: how do you ensure that what's generated is secure, compliant, and trustworthy? ...
Open Source Is on Every Balance Sheet. Most Organizations Have Just Not Found It Yet.

By Jacqueline Winter, CFO & CISO, ActiveState

Every CFO understands that an unmanaged liability is a governance failure. It ...