2024 Sonatype Blog
Conversations about software supply automation, devsecops, open source, continuous delivery, and application security.

Optimizing SBOM sharing for compliance and transparency
As software development continues to evolve, the critical need for transparent and secure practices in software supply chains remains constant ...

The countdown to NIS2 is on: Understand its scope and requirements
The Network and Information Systems Directive 2 (NIS2) regulation goes into effect in October 2024, leaving European Union (EU) member states just a few fleeting months to adopt and publish its compliance ...

‘Netfetcher’ package drops illicit ‘node’ binary on Windows
Ax Sharma | application vulnerabilities, Malware Analysis, malware prevention, Nexus Firewall, Vulnerabilities
Recently identified PyPI packages called "netfetcher" and "pyfetcher" impersonate open source libraries and target Windows users with malicious executables that have a zero detection rate among leading antivirus engines. Furthermore, some of ...

Prioritizing and automating for optimal developer velocity and business outcomes
The ability to prioritize and automate effectively within software development and software supply chains can drastically alter the speed and quality of business outcomes ...

Crypto enthusiasts flood npm with more than 281,000 bogus packages overnight
Crypto enthusiasts have lately been flooding software registries like npm and PyPI with thousands of bogus packages that add no functional value and instead put a strain on the entire open source ...

How to audit SBOMs for enhanced software security
Software bills of materials (SBOMs) are essential elements for managing software security and compliance, especially in light of increasing open source risks ...

Sonatype’s summer webinar series: Future cybersecurity requirements
Sonatype kicked off its Summer of Software Regulations & Compliance webinar series this week with a broad look at some of the key regulations on improving cybersecurity. Jen Ellis, one of the ...

Ideal typosquat ‘solana-py’ steals your crypto wallet keys
The legitimate Solana Python API project is known as "solana-py" on GitHub, but simply "solana" on the Python software registry, PyPI. This slight naming discrepancy has been leveraged by a threat actor ...

Embracing dependency management in software development
Aaron Linskens | dependencies, Software Composition Analysis, software supply chain, Sonatype Lifecycle, Webinar
With open source forming the backbone of modern software, effective management of software dependencies is an inevitable challenge for development and security teams ...

Evolving development with software composition analysis and software bills of materials
Software development is as dynamic as it is challenging, so understanding what goes into your applications is more crucial than ever. As usage of open source continues to grow, so does the ...