Brian Fox
@brianfox.bsky.social
Sonatype CTO
Reposted by Brian Fox
Josh Bressers
3 months ago
On #OpenSourceSecurity I had a chat with @brianfox.bsky.social about the sustainability letter from the open source package registries. This one is a big deal. The costs for open source are paid by someone; if you don't know who, you need to read this letter.
Sustaining Package Repositories with Brian Fox
Brian Fox discusses the challenges and future of open source package repository infrastructure. We discuss the complexities of managing public registries, the impact of overconsumption, and the import...
https://opensourcesecurity.io/2025/2025-10-sustaining-repos-brian-fox/
Yes all of this. Now it’s time to fix it.
add a skeleton here at some point
3 months ago
Free isn’t free: the infrastructure behind open source has real costs, and it’s time we aligned usage with responsibility. This morning we jointly launch a new blog and open letter on sustainable stewardship.
From Abuse to Alignment: Why We Need Sustainable Open Source Infrastructure
Open source relies on shared infrastructure. Learn why sustainable stewardship is critical to keep ecosystems like Maven Central strong.
https://www.sonatype.com/blog/from-abuse-to-alignment-why-we-need-sustainable-open-source-infrastructure
3 months ago
Reposted by Brian Fox
Help Net Security
9 months ago
Open-source malware doubles, data exfiltration attacks dominate 📖 Read more: www.helpnetsecurity.com/2025/04/03/o... #cybersecurity #cybersecuritynews #opensource @brianfox.bsky.social
Open-source malware doubles, data exfiltration attacks dominate - Help Net Security
A total of 17,954 open source malware packages identified in Q1 2025, according to Sonatype's Open Source Malware Index.
https://www.helpnetsecurity.com/2025/04/03/open-source-malware-index-q1-2025/
CVE Foundation
FOR IMMEDIATE RELEASE April 16, 2025 CVE Foundation Launched to Secure the Future of the CVE Program [Bremerton, Washington] – The CVE Foundation has been formally established to ensure the long-term ...
https://www.thecvefoundation.org/
9 months ago
Good news for Java developers! Central now validates OpenSSF sigstore signatures as part of publishing. If you’re already signing your artifacts with Sigstore, you’ll now get real-time validation feedback in the Central Publisher Portal. Read more details here:
www.sonatype.com/blog/central...
11 months ago
Reposted by Brian Fox
OpenSSF
about 1 year ago
📢 The @linuxfoundation.org, with Harvard's Laboratory for Innovation Science, has released Census III of Free and Open Source Software – Application Libraries. 🖥️ Key insights from OpenSSF help reduce FOSS vulnerabilities and secure supply chains. Read more: openssf.org/press-releas...