
What’s happening with the CrowdStrike incident: When a software update turns into a cyber crisis
This morning's CrowdStrike incident, where a routine update caused a cascading failure across thousands of critical systems worldwide, is a stark reminder of the fragile interconnectedness of our digital world. While this incident was a misstep, not malice, it exposes the vulnerability of our essential services ...

Maven Central and the tragedy of the commons
The tragedy of the commons is a concept in economics and ecology that describes a situation where individuals, acting in their own self-interest, collectively deplete a shared resource. In simpler terms, it's the idea that when a resource is available to everyone without restriction, some individuals tend to overuse it, ...

The overview effect: Two decades of unique perspective
Based on data from 2023, just under 700 people have made the (sometimes) dangerous journey to space and seen our planet in a different light. Astronauts often write about their experiences in space, ranging from the mundane to the unexplained. However, there is one experience that every space traveler speaks ...

A demand for real consequences: Sonatype’s response to CISA’s Secure by Design
In the fast-changing fields of cybersecurity and software development, the importance of creating secure software is more crucial than ever. Recently, my colleagues and I at the Open Source Security Foundation (OpenSSF) finalized a response to the latest Secure by Design RFC from the Cybersecurity and Infrastructure Security Agency (CISA) ...

White House National Cybersecurity Strategy: Landmark Action for a Critical Threat
The last decade has seen increased reliance on software across every part of our lives. In parallel, we’ve seen a massive increase in attacks on this digital infrastructure, causing harm to financial markets, hospitals, and ultimately human lives. While there has been an increasing understanding within the software industry of ...

Innovation at the Expense of Cybersecurity? No More!
Earlier this month, Jen Easterly and Eric Goldstein of the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security signaled a major shift in the federal government’s approach to cybersecurity risk and responsibility. In their Foreign Affairs article Stop Passing the Buck on Cybersecurity, Easterly and Goldstein ...