Four Common Security Acronyms Explained

Editor’s Note: This is the first in a series of posts about the 2020 DevSecOps Reference Architecture developed by DJ Schleen. In this series DJ explains various parts of the pipeline architecture.
I just released an updated version of the D…

Gartner: You Must Assess Overall Software Health and Welfare

Gartner’s recent report, Technology Insight for Software Composition Analysis, makes four open-source security recommendations that companies should think about when determining what type of software composition analysis program they want to …

It Pays to Discover Sonatype

The name of the presentation says it all: Procure Secure Components Faster with Superior Developer Experience. So announced Karthik Loganathan and Sheshagiri (Giri) Rao of Discover at the annual DevOps World | Jenkins World conference.
T…

A More Secure Web Needs Developers, Defenders, Advocates, and OSS

How’s that deodorant of yours working? If you wanted to hear yesterday’s presentation you had to crowd in, close — it was standing room only.
Sonatype’s Derek Weeks (@weekstweets) presented at Global AppSec DC. The conference, s…

What Toyota Unlocked Decades Ago Drives Software Supply Chain Management Today

What secrets did Toyota unlock decades ago that drive the success of today’s software supply chain?
Sonatype’s Matt Howard explained during a chat with Dave Bittner on an episode of The CyberWire Daily podcast.

Free Software, But No Free Lunch

“This is a very important issue. Enterprises are not taking necessary precautions,” our SVP of Strategy and Corporate Development, Bill Karpovich, noted when talking about Fortune 100 cybersecurity.

PyPi ‘Cheese Shop’ Malware Illustrates Software Supply Chain Risk Vector

Recent malware installed in PyPI underscores the need for code verification at the code repository level to defend the software supply chain.

A World of Infinite Choice in Open Source Software

We recently released the fifth annual State of the Software Supply Chain Report in London. This year, we worked with Gene Kim and Dr. Stephen Magill to examine our largest data sample ever. Our goal? To qualify and quantify how exemplary developme…

What 36,000 OSS Projects and 12,000 Commercial Dev Teams Taught Us About Secure Coding Practices

After ten months of research, which involved studying 36,000 open source software projects, 12,000 enterprise development teams, and 3.7 million open source releases, we are pleased to announce the arrival of the 2019 State of the Software Supply C…