Hot Topics

Building resilient and secure systems - Lessons from Devoxx Poland
New Research Shows Bot Attacks Are Surging
Less SmartScreen More Caffeine: (Ab)Using ClickOnce for Trusted Code Execution
BSidesSF 2023 - Adam Berman - When Is A Vulnerability Not A Vulnerability? Overcoming The Inundation Of Noisy Supply Chain Security Alerts
Why Google Passkey is Good for B2B Adoption of Emerging Authentication Practices

Protecting Software Developers from Malware with AI/ML Insights

Mandeep Singh | April 20, 2023 | FEATURED, Malware Analysis, News and Views, Post security/devsecops, Sonatype Repository Firewall

In my last post I talked about solutions to address malware and the increase in attacks. Today I’ll dig into what’s necessary to find and avoid malware ...

Sonatype Blog

SCA and SAST: What Do They Do and How Can They Help Developers Like You?

Theresa Mammarella | January 3, 2023 | AppSec, DevSecOps, DevZone, open source, Post security/devsecops

...

Sonatype Blog

What do Log4Shell and a Global Pandemic Have in Common?

Theresa Mammarella | November 15, 2022 | AppSec, DevSecOps, DevZone, Log4j, Post security/devsecops

A big challenge of being a software professional is effectively communicating complicated concepts in a way that your audience can understand — whether it be the junior engineer on your team, a ...

Sonatype Blog

The Magic Behind Over 101,000 Malicious Packages Discovered and Blocked

Chris Good | November 8, 2022 | Nexus Firewall, Post security/devsecops, Product

Nexus Firewall provides industry-leading machine learning by security experts for security experts, detecting suspicious and malicious OSS risks in real-time and at scale before the rest of the world finds out ...

Sonatype Blog

Setting Boundaries: How Procurement Relates to Security (Part 1)

Michael Griffin | August 24, 2022 | Industry commentary, News and Views, Post security/devsecops

Companies are made up of what they build, borrow, and buy. On the software development front, Sonatype’s tools help with two major issues: what you build (software) and borrow (open source code) ...

Sonatype Blog

What Constitutes a Software Supply Chain Attack?

Ax Sharma | August 3, 2021 | DevSecOps, FEATURED, Post security/devsecops, Software Supply Chains, Vulnerabilities

We are just halfway through 2021, and have already seen an exceptional increase in open source malware and novel supply chain attacks. And, they seem to just keep coming. ...

Sonatype Blog

How to Better Navigate the World of DevSecOps with Sonatype and Saltworks Security

Tanya Feghali | July 28, 2020 | open source, Partners, Post security/devsecops, saltworks

Recently we partnered with Orasi Software and Saltworks Security to discuss how organizations are using open source software. Saltworks’ Founder and CEO, Dennis Hurst and Sonatype’s, Maury Cupitt, VP, Solutions Architecture, sat ...

Sonatype Blog

“WTF is DevSecOps?”

Elizabeth Kathure | May 27, 2020 | all day devops, DevSecOps, Post security/devsecops

If you’re a person working in security or software development, you’ve probably heard about DevSecOps before and wondered what it is or if it even works. Perhaps you’re a DevSecOps practitioner and ...

Sonatype Blog

Getting Your Security Program to Shift Left: Operationalizing Security Controls via DevSecOps

Daniel Longest | May 21, 2020 | DevSecOps, enterprise security, Post security/devsecops, shift left

DevSecOps is a hot topic. It’s touted as a utopia where automation saves time and money while cutting risk and reducing dependencies. In reality, without effective oversight, DevSecOps leaves orphaned technologies, unmaintained ...

Sonatype Blog

Ryan Lockard Names the Seven Deadly Sins of DevSecOps [VIDEO]

Mark Miller | April 2, 2020 | Application Security, AppSec, DevSecOps, News and Views, Post security/devsecops

Editor's Note: Ryan's story is included in "Epic Failures in DevSecOps, Volume 2", available for free download. "It is said in Roman Catholicism that each of the seven deadly sins is uniquely ...

Sonatype Blog