#Malicious code in open source is no longer rare, and attackers are getting creative. In this clip, Stephen Magill breaks down real-world threats like the XZ Utils backdoor and typosquatting, and why SBOMs must evolve from compliance checklists to core security tools. Watch the full session to learn how integrating #SBOMs into your #SCA strategy helps you stay ahead of threats. https://lnkd.in/g9pHS_ph #SBOM #SCA #OpenSourceSecurity #DevSecOps #SoftwareSupplyChain #Sonatype #CyberSecurity #Typosquatting #XZUtils
About us
- Website: https://www.sonatype.com (external link for Sonatype)
- Industry: Software Development
- Company size: 501-1,000 employees
- Headquarters: Fulton, MD
- Type: Privately Held
- Founded: 2008
- Specialties: Open Source, Open Source Governance, Management and Compliance, Repository Management, DevOps, DevSecOps, Software Supply Chain, Continuous Delivery, Continuous Integration, Open Source Security, Docker Private Registry, Software Component Analysis, Open source software, Application security, information security, artifact repository, SBOMs, and SaaS
Updates
CMOs Megan Lueders (Sonatype), Eric Olson (Quickbase), Cynthia Gumbert (SmartBear), and Brooke Cunningham (LogicMonitor) have joined forces to explore how organizations can embrace AI-driven development while ensuring security and compliance. In collaboration with AWS Partners, LogicMonitor, Quickbase, SmartBear, and Sonatype, Harvard Business Review dives into how businesses can navigate evolving security risks while accelerating innovation. Read the full white paper here: https://lnkd.in/g2bFa4gC #AI #SoftwareDevelopment #Cybersecurity #DevOps #Sonatype
AI adoption is skyrocketing—but so are the risks. #Malicious models, compliance gaps, and lack of governance threaten your #softwaresupplychain. Introducing the industry’s first end-to-end #AI Software Composition Analysis (#SCA), helping you:
- Detect and block malicious AI models
- Enforce AI security and compliance policies
- Gain full visibility into AI/ML usage across your #SDLC
Don’t leave AI security to chance. See how Sonatype makes AI safe to use. https://lnkd.in/g-6gQRBw #AISecurity #SoftwareSecurity #DevSecOps #AIGovernance #Sonatype
AI-driven supply chains need secure foundations. Gartner highlights how AI-powered software solutions are the future of supply chain management, delivering efficiency, transparency, and resilience. https://bit.ly/435vlIJ Sonatype enables organizations to secure their software supply chains by managing open source risks, automating compliance, and ensuring every component in your pipeline is safe, scalable, and optimized for success. Learn how AI and secure software supply chains intersect in the Gartner Emerging Tech Impact Radar: Artificial Intelligence report: https://bit.ly/435vlIJ #SupplyChain #AIInnovation #SonatypeLifecycle #SoftwareSecurity
"Not all risks are equal – malicious components are like poisoned food while vulnerabilities may just be ‘unhealthy’." Brian Fox uses an eye-opening analogy to explain the difference between vulnerable and malicious components while chatting with Daniel Newman. Learn how to distinguish risks and protect your software supply chain. Read the full 10th State of the Software Supply Chain Report: https://lnkd.in/gch3UCB9 #OpenSourceSecurity #CyberSecurity #SoftwareSupplyChain The Futurum Group
Malware attacks against government organizations are escalating fast. https://bit.ly/3FnFDdn In 2024 alone, over 300,000 malware attacks targeted federal agencies, making up 67.31% of all attempted attacks blocked by Sonatype. Traditional security measures are no longer enough as attackers shift from exploiting vulnerabilities to injecting malware directly into open source projects. Proactive, intelligence-driven defenses are critical to securing software supply chains against these evolving threats. Learn how Sonatype helps federal agencies stay ahead of malware risks. https://bit.ly/3FnFDdn #Cybersecurity #SoftwareSupplyChain #OpenSourceSecurity #FederalSecurity #MalwareDefense #Sonatype
#AI is transforming software development, but innovation must go hand in hand with security. A new Harvard Business Review report explores how organizations can embrace AI-driven development while ensuring software quality and compliance. Download now to learn how to balance AI adoption with security and implement the four pillars of modern software development: https://lnkd.in/g2bFa4gC #DevOps #Cybersecurity #SoftwareDevelopment #SCA #SoftwareSupplyChain
Want to transform your software development for the AI era? https://go.aws/4hzektZ 87% of developers report increased productivity with AI! Our new whitepaper reveals how organizations can master modern development while ensuring security and quality. Download to learn how to:
- Implement the 4 pillars of modern software development
- Balance innovation with security
- Integrate AI effectively
#AWS #DevOps #AI AWS Partners: LogicMonitor, Quickbase, Sonatype, & SmartBear
Strengthen Your Software Supply Chain with CERT-In SBOM Guidelines
India’s CERT-In is shaping the future of cybersecurity with its Software Bill of Materials (#SBOM) Guidelines—setting the stage for greater transparency, security, and risk mitigation in software development. While not yet mandatory, these guidelines are a best practice for Government, Public Sector, Essential Services, and software-exporting organizations. Get ahead of regulatory shifts and secure your supply chain today. https://lnkd.in/gR6qQdiw #CyberSecurity #SoftwareSupplyChain #CERTIn Mitun Zavery
We’re proud to announce that Sonatype has been recognized by the 2025 Cybersecurity Excellence Awards! These wins highlight our commitment to securing the software supply chain by providing intelligent automation, advanced SBOM management, and proactive risk mitigation. Sonatype SBOM Manager won the SBOM Management and Software Supply Chain Security categories, and Sonatype Lifecycle was recognized as the winner in Software Composition Analysis (SCA). See how Sonatype helps organizations strengthen their open source security:
- Explore SBOM Manager: https://bit.ly/4hztwaC
- Learn More About Lifecycle: https://bit.ly/3FDxqSo
#SoftwareSecurity #SBOM #SCA #DevSecOps #SoftwareSupplyChain #Sonatype #Cybersecurity #OpenSourceSecurity
Sonatype has discovered and responsibly disclosed four vulnerabilities in picklescan, a tool designed to detect unsafe Python pickle files in AI/ML models. These vulnerabilities, now fixed, could allow attackers to slip malicious models past its defenses. This discovery is a wake-up call: AI/ML security can’t rely on a single tool. A multi-layered defense strategy is essential to detect evolving threats and protect software supply chains. Learn more about the vulnerabilities and best practices for safely using open source AI: https://bit.ly/4kJxnoc #AI #Cybersecurity #SoftwareSupplyChain #MachineLearning #Sonatype #HuggingFace