What Toyota Unlocked Decades Ago Drives Software Supply Chain Management Today

What secrets did Toyota unlock decades ago that drive the success of today’s software supply chain?
Sonatype’s Matt Howard explained during a chat with Dave Bittner on an episode of The CyberWire Daily podcast.

How a Surf Loving Aussie Developed Sonatype’s Most Popular Extension

The first thing you need to know about Sonatype is this: the rumors are true.

NIST Proposes Standards to Secure Government SDLC

Earlier this summer, the National Institute of Standards and Technology (NIST), a part of the U.S. Chamber of Commerce, proposed a set of standards to address software supply chain attacks and the growing need for better software security.

Free Software, But No Free Lunch

“This is a very important issue. Enterprises are not taking necessary precautions,” our SVP of Strategy and Corporate Development, Bill Karpovich, noted when talking about Fortune 100 cybersecurity.

Why Software Composition Analysis (SCA) Demands Precision

As leaders in software composition analysis (SCA), we know its role throughout today’s software supply chain.
SCA was born out of necessity. How else could innovators discover, identify, and track open source software (OSS) components within…

PyPi ‘Cheese Shop’ Malware Illustrates Software Supply Chain Risk Vector

Recent malware installed in PyPI underscores the need for code verification at the code repository level to defend the software supply chain.

DevOps at the US Patent and Trademark Office

Discussions of DevOps in government are always popular because it is a tough subject. Few have successfully cracked the code, and, even if they have, it is a slow, uphill climb with unique challenges.

A World of Infinite Choice in Open Source Software

We recently released the fifth annual State of the Software Supply Chain Report in London. This year, we worked with Gene Kim and Dr. Stephen Magill to examine our largest data sample ever. Our goal? To qualify and quantify how exemplary developme…

Repository Management: An Easy Way to Minimize Risk

You’re probably familiar with JVM, or the Java Virtual Machine. It’s a standard diagnostic interface used to test Java software; so standard, in fact, that Mykel Alvis (@mykelalvis) of Array Consulting urges developers to think beyond its testing …