Sonatype
Blog Post
  • The march of standards continues unabated. Legacy TLS protocols 1.0 and 1.1 have varying weaknesses that could lead to a false sense of security.  In June, in an effort to raise security and comply with modern standards, the insecure TLS 1.0 & 1.1 protocols will no longer be supported for SSL connections to Central. This should only affect users of Java 6 that are also using https to access centr...

  • You know that feeling when you tell someone a secret and then wonder if it is going to get out? (I mean, I have heard some people worry about that.) Well, system operators managing security often (maybe always) worry that the secrets used to access their networks and resources will get out or be set up incorrectly, exposing their systems.

  • Attending conferences provides an incredible learning opportunity, but it also comes at a cost. Throw in $1700 for airfare and lodging, $500 for the conference fee, $200 on meals, and then a couple of days away from the office.

  • Earlier today, Robert Hackett at Fortune published an eye opening report on the number of organizations who continue to download known vulnerable open source components.  His focus for the article was specifically on the Struts web application framework.  Why?

  • Development pipeline: “an automated manifestation of your process for getting software from version control into the hands of your users.” Seems easy, right? Okay, not really. There are key questions to ask first. Who owns the integrated pipeline? What and how do you measure and monitor in order to assess pipeline health? What are the key qualities and attributes teams should look for? Oh, and...

  • The social security system of India, AADHAAR, was just breached due to a Struts-related vulnerability exploited on their website. If you are not familiar with AADHAAR, it issues a 12-digit personal identification number to every citizen of India. That's 1.3 billion numbers.

  • Looking at year-over-year data for the DevSecOps Community Survey, the percentage of respondents stating that Container and Application Security tooling is in use doubled. In 2017, only 23% had tooling in place, whereas in 2018, 56% responded as having Container and Application Security tooling in place. Container Security is quickly becoming a segment ripe for standardization and simplification. Given ...

  • Even if you work for a large organization, chances are that you could memorize the names of all the security folks working in IT. That's because the ratio of developers to security is 100:1, according to a recent survey (the same study indicates a 10:1 ratio of devs to ops). Previous studies have reported ratios from 100:3 to 100:6, so there's some progress but not fast enough.

  • I’m not going to argue about why “Security is Everyone’s Role” - we’ve already agreed that it is, and there is no point in continuing that discussion. Instead, I’ll try to explain how DevSecOps has been influenced by that mindset - and should also be everyone’s business.

  • Earlier today, the Wall Street Journal's Adam Janofsky wrote an article entitled How Companies Can Manage Risks Tied to Open-Source Software. Coverage of this topic is significant for a number of reasons. First and foremost, it brings to the executive readership of the WSJ a topic that has seen growing interest over the years across developer and security communities.

  • In today's business world, three harsh truths are facing established leaders in almost every industry: they are prone to disruption by competitors who are better at software innovation; they are prone to attacks by criminals who know more about security than they do; and they are scared to death, and pressuring their own IT leaders to deliver innovative applications faster -- and more secure...

  • Earlier this year I wrote a two-part series called CI In The Age Of Containers - Part 1 & Part 2. My original goal was to explore the impact containers might have on the build process. My thinking was there would be a profound impact that would shake up what I knew about building deliverables, which I had done for years before containers came on the scene. What I learned was that it didn't change...
