Join us on June 12th at 10 AM for an exclusive webinar on adopting AI/ML/LLM into a firm’s software development strategy. Jaime Whitehouse, Product Manager at Sonatype, leads the session, supported by FINOS. Save your spot now! share.sonatype.social/5wtcc

#Malware alert! #Sonatype researchers found a new malicious #PyPI crypto-stealer targeting Windows users. We're committed to protecting the software supply chain while empowering developers to build secure software. Read more on our blog. #cybersecurity share.sonatype.social/69yhw

Sonatype’s two decades of experience have shaped our unique perspective on software development. Dive into our latest blog, "The Overview Effect: Two Decades of Unique Perspective," to gain valuable insights. Read more now! bit.ly/4eunXKd #OpenSource #SoftwareSupplyChain

Sustainability of critical oss infrastructure is a pressing issue we must address. Shockingly, only 1% of Maven Central users consume 83% of the bandwidth, many being large organizations that should have better supply chain practices. Taking steps to curb this abuse is crucial.

I had a great time talking with CRob about the world of vulnerabilities on the OpenSSF podcast "What’s in the SOSS?" My episode is live now — check it out! hubs.la/Q02GK53s0

I’ve spent much time thinking about why organizations struggle to understand the implications of the rise in malicious oss compared to typical vulnerabilities. It ultimately comes down to psychology. In this article, I explore the psychological barriers that prevent effective

Recent incidents combine to provide a stark discrepancy in share of risk from consumers and vendors. Also, what does shipping and a bridge disaster have to do with a global IT outage grounding airlines? Read on: linkedin.com/pulse/tale-two…

The circle just shrank. The treasure is still there. Now worth over $38,000

Why is X spying on me? Every time I open the page today, my mac tells me my mic is being used. I close the X tab and it goes away. This has happened multiple times today.

#BuildPropulsionLab at #CommunityOverCode 2024 with Brian Fox Brian Fox @[email protected] on the 10th annual State of the Supply Chain Security Report! x.com/i/broadcasts/1…

It’s a wrap on AllDayDevOps’ 24 hours of live-streamed content hosted by Sonatype! The good news is that all sessions are now available on demand. I had the privilege of joining three fantastic panels of experts to explore the recent "trifecta" of research into open source

After 6 hours with Artifactory: I can't pull the artifacts that I just pushed, and I can't do anything at all except on localhost. After 2 hours with Nexus: Everything works from everywhere. Welp, I guess I'm using Nexus. Sonatype

How Attackers Became The Protagonists Of The Software Supply Chain hubs.li/Q034WK_N0 Written by @brian_fox of @Sonatype

Get streaming.tv at hyatt is down now for two days. It’s clearly an ssl certificate that likely expired. Shouldn’t be such a long outage…

Day 3. No fix.

Free isn’t free: the infrastructure behind open source has real costs, and it’s time we aligned usage with responsibility. This morning we jointly launch a new blog and open letter on sustainable stewardship. sonatype.com/blog/from-abus…

Vibe-Using: The Next Shift in How We Build and Live with Software linkedin.com/pulse/vibe-usi… via LinkedIn

Come on man. 100% of my flights on SWA in the past weeks have had non useable WiFi. Inversely 100% of my non SWA flights in the same time have had blazing fast connection. I fly a lot. Mostly on SWA. Time is money. Not being able to work is very expensive. Southwest Airlines