Open source risk management: Safeguarding software integrity

In the constantly shifting terrain of software supply chains, open source software (OSS) fulfills a dual mandate, propelling innovation forward and serving as the cornerstone of operational efficiency ...
Introducing our 9th annual State of the Software Supply Chain report

In our fast-paced digital world, striving for excellence is an ongoing journey marked by the relentless pursuit of innovation, efficiency, and a focus on the essential contributors: the developers. Our 9th annual State of the Software Supply Chain report dives into our extensive studies and highlights how developer productivity is ...
SAST vs. DAST: Enhancing application security

As the threat landscape continues to evolve, organizations face a formidable challenge: ensuring the security of their software applications ...
Unlocking the power of generative AI in software development: Insights from Sonatype's survey

Over the past year, generative artificial intelligence (AI) rapidly emerged as a game-changing technology, similar to the disruptive force of cloud computing in the 2000s. As often happens during the initial phases of disruptive technologies, we marvel at the wide-ranging impact of its sudden popularity. Generative AI aligns with that ...
How to navigate DevOps principles: Analyzing Shift Left and Secure Right

In the ever-evolving world of DevOps, two concepts, Shift Left and Secure Right, have surfaced as catch-phrases that signal a shared desire to develop more secure and reliable software ...
A guide for open source software (OSS) security

When you search for a dependable open source software (OSS) component to integrate into your software supply chain, evaluating the component's security is a critical task. This involves not only examining the immediate functionality of the component but also the overall state of the software project itself, including ...
Getting started with the Secure Software Development Framework (SSDF)

In today's software-driven world, it is crucial to build security into software while it is being developed. Yet many software development life cycle (SDLC) models place little specific emphasis on software security, so secure software development practices or a software security framework must be added alongside the existing SDLC process to ensure robust security measures ...
Cyber Resilience Act: The Future of Software in the European Union

Representatives of member states of the European Union (EU) reached a common agreement yesterday regarding the proposed Cyber Resilience Act (CRA) ...

A Closer Look: Differentiating Software Vulnerabilities and Malware

In today's interconnected digital world, vulnerabilities and malware in open source software pose significant threats to the security and integrity of your software supply chain. While these two terms may appear synonymous at first glance, you should know their fundamental differences. They are two distinct yet closely related aspects of ...