Brian Fox @brian_fox@fosstodon.org

@Brian_Fox

Followers: 1K | Following: 233 | Media: 80 | Statuses: 3K

Co-Founder & CTO, Sonatype. Former Chair, Apache Maven, BSA Scoutmaster, Amateur Radio Operator. Creator of Maven-dependency-plugin and Maven-enforcer-plugin.

NH, United States
Joined May 2008
2 years
Well, the CRA passed through committee in a way that will avoid further discussion. There's zero chance they knew there were still significant issues and yet here we are. Read more: Current status:
4 months
Day 3. No fix.
4 months
Get at @Hyatt is down now for two days. It’s clearly an ssl certificate that likely expired. Shouldn’t be such a long outage…
6 months
RT @ForbesTechCncl: How Attackers Became The Protagonists Of The Software Supply Chain Written by @brian_fox of @S…
6 months
RT @LonnieDoingCode: After 6 hours with Artifactory: I can't pull the artifacts that I just pushed, and I can't do anything at all except o…
9 months
It’s a wrap on AllDayDevOps’ 24 hours of live-streamed content hosted by Sonatype! The good news is that all sessions are now available on demand. I had the privilege of joining three fantastic panels of experts to explore the recent "trifecta" of research into open source.
9 months
RT @gradle: #BuildPropulsionLab at #CommunityOverCode 2024 with Brian Fox @Brian_Fox on the 10th annual State of the Supply Chain Security…
10 months
Why is X spying on me? Every time I open the page today, my mac tells me my mic is being used. I close the X tab and it goes away. This has happened multiple times today.
10 months
RT @jasonrohrer: The circle just shrank. The treasure is still there. Now worth over $38,000
1 year
Recent incidents combine to provide a stark discrepancy in share of risk from consumers and vendors. Also, what does shipping and a bridge disaster have to do with a global IT outage grounding airlines? Read on:
1 year
I’ve spent much time thinking about why organizations struggle to understand the implications of the rise in malicious oss compared to typical vulnerabilities. It ultimately comes down to psychology. In this article, I explore the psychological barriers that prevent effective.
1 year
I had a great time talking with @SecurityCRob about the world of vulnerabilities on the @openssf podcast "What’s in the SOSS?" My episode is live now — check it out!
1 year
Sustainability of critical oss infrastructure is a pressing issue we must address. Shockingly, only 1% of Maven Central users consume 83% of the bandwidth, many being large organizations that should have better supply chain practices. Taking steps to curb this abuse is crucial.
1 year
RT @sonatype: Sonatype’s two decades of experience have shaped our unique perspective on software development. Dive into our latest blog, "…
sonatype.com
Learn about how astronauts and the overview effect relate to Sonatype's ongoing mission to lead and transform software security and compliance
1 year
#Malware alert! #Sonatype researchers found a new malicious #PyPI crypto-stealer targeting Windows users. We're committed to protecting the software supply chain while empowering developers to build secure software. Read more on our blog. #cybersecurity
share.sonatype.social
Discovery of a malicious PyPI package 'pytoileur' indicates 2023's 'Cool package' crypto-stealing campaign has been revived....
1 year
Join us on June 12th at 10 AM for an exclusive webinar on adopting AI/ML/LLM into a firm’s software development strategy. Jaime Whitehouse, Product Manager at Sonatype, leads the session, supported by FINOS. Save your spot now!
share.sonatype.social
Financial Services Open Source Optimization Webinar Series...
1 year
Sonatype is thrilled to be recognized as Top Rated by TrustRadius in SIX categories:
🌟 SCA
🌟 Application Security
🌟 DevSecOps
🌟 Container Security
🌟 Software Repositories
🌟 Static Code Analysis
See for yourself why our customers are choosing Sonatype.
1 year
RT @sonatype: 📢 Today marks a new era! Introducing SBOM Manager - the industry's first integrated system of record for managing SBOMs! A po…
1 year
Dive into the latest #DevSecOps trends and discover best practices for SBOM compliance at our upcoming Lunch & Learn! Hear from experts at @Sonatype, @northropgrumman, and ARKA Group. Space is limited, so register now:
share.sonatype.social
Lunch And Learn With Carahsoft...