How to Establish an Open Source Program Office

It feels like some people don’t have a strong understanding of open source. Some misunderstandings have come from working with open source in an environment filled with proprietary software. When the words “open” and “sourc…

OSS Index Contributor Asks: Where ‘R’ You?

Editor’s Note: Many people contribute their time and talents to open source projects. It’s always interesting to discover the diversity of expertise and perspective.
Many developers are introduced to Sonatype by way of Nexus Repository OSS, DepShi…

NIST: Adopt a Secure Software Development Framework (SSDF) to Mitigate Risk of Software Vulnerabilities

This spring, the National Institute of Standards and Technology (NIST) released updated recommendations (.pdf) to improve software resilience against vulnerabilities. This builds on an earlier, four-part framework released last year.
As the depar…

Four Common Security Acronyms Explained

Editor’s Note: This is the first in a series of posts about the 2020 DevSecOps Reference Architecture developed by DJ Schleen. In this series DJ explains various parts of the pipeline architecture.
I just released an updated version of the D…

How to Easily Identify Conda Vulnerabilities Using Sonatype Jake

Vulnerabilities in our Python environments are really irritating. They slow us down, are difficult to identify, and can delay the development process. What makes them more frustrating is that most of these vulnerabilities are known. Countless deve…

Gartner: The Crucial Role of OSS License Compliance

Gartner’s report, Technology Insight for Software Composition Analysis, makes four recommendations to improve software security. The first is to ensure a software bill of materials (or SBOM) exists for every software application; an SBOM ill…

“This is the New Op Model” – Why State Farm Sponsored ADDO, and the Results

Sonatype is among the many supporters of All Day DevOps (ADDO), the world’s largest conference for DevOps practitioners. Close to 40,000 people attended this year’s 24-hour event — and 10% of them were from one company. We spoke with …

October is Cyber Security Awareness Month. Developers Are Some of Our Best Guardians.

October is National Cybersecurity Awareness Month (NCSAM). NCSAM is a joint effort between government and industry to raise awareness about cyber threats. This year, NCSAM highlights three areas where cyber security protections (or vulnerabil…

Anatomy of the RubyGems ‘rest-client’ hack, and getting creative about open source security

Over the last several years, we’ve been raising awareness of breaches to popular open source software components and the worrying trend that they are more frequently being attacked at the source – bad actors are growing bolder and the veloci…