惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Google DeepMind News
Google DeepMind News
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
T
Tor Project blog
AWS News Blog
AWS News Blog
量子位
博客园 - 聂微东
L
LINUX DO - 热门话题
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
小众软件
小众软件
人人都是产品经理
人人都是产品经理
A
About on SuperTechFans
L
Lohrmann on Cybersecurity
Know Your Adversary
Know Your Adversary
V
Visual Studio Blog
P
Privacy International News Feed
K
Kaspersky official blog
NISL@THU
NISL@THU
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
G
GRAHAM CLULEY
S
Securelist
Last Week in AI
Last Week in AI
Latest news
Latest news
B
Blog
T
Tenable Blog
Cisco Talos Blog
Cisco Talos Blog
宝玉的分享
宝玉的分享
T
The Exploit Database - CXSecurity.com
N
Netflix TechBlog - Medium
A
Arctic Wolf
SecWiki News
SecWiki News
C
Cisco Blogs
月光博客
月光博客
PCI Perspectives
PCI Perspectives
Cloudbric
Cloudbric
H
Hacker News: Front Page
F
Full Disclosure
TaoSecurity Blog
TaoSecurity Blog
V2EX - 技术
V2EX - 技术
The Last Watchdog
The Last Watchdog
S
Schneier on Security
罗磊的独立博客
S
Security Affairs
Scott Helme
Scott Helme
P
Proofpoint News Feed
GbyAI
GbyAI
Google Online Security Blog
Google Online Security Blog
The Register - Security
The Register - Security
W
WeLiveSecurity
Hugging Face - Blog
Hugging Face - Blog
博客园 - 叶小钗

Press Releases

Sonatype Research Labs Marks 15 Years of Open Source Intelligence Sonatype Named a Leader in the 2026 Gartner® Magic Quadrant™ Sonatype Strengthens Leadership Team for AI-Driven Growth Sonatype Firewall Extends Malicious Package Protection Sonatype Releases Q1 2026 Open Source Malware Index AI Grounded in Intelligence Delivers Safer Outcomes | Sonatype Sonatype Research Reveals Open Source Malware Grows 75% Sonatype Introduces Guide for Secure Agentic Development CVE Program Leaves Vulnerabilities Unscored | Sonatype Sonatype Unveils Nexus One: An AI-Native DevSecOps Platform Sonatype Grand Opening of India Innovation Hub in Hyderabad Announcing 2025 Elevate Award Winners & Finalists | Sonatype Open Source Malware Surges in Q3 as Attackers Target Dependencies Sonatype Named Visionary in 2025 Gartner® Magic Quadrant™ for AST Sonatype Launches Nexus Repository Cloud in the AI Era | Sonatype
Sonatype and Package Registry Leaders Unite on OS Sustainability
Sonatype · 2026-05-06 · via Press Releases

New Linux Foundation initiative convenes registry leaders to develop shared approaches to funding, governance, and long-term ecosystem resilience.


Fulton, Md. – May 6, 2026
Sonatype®, the leader in AI-driven DevSecOps and steward of Maven Central, today announced its participation as a founding member of the newly-formed Sustaining Package Registries Working Group. Under the Linux Foundation, the Working Group provides a forum for registry leaders to collaborate on the financial, operational, and infrastructure challenges of sustaining public package registries at global scale.

As open source consumption and publishing move from developer scale to machine scale, reaching close to 10 trillion downloads in 2025, registries are facing a sharp rise in AI-driven demand, bot traffic, automated publishing, security reporting volume, and registry abuse. Those pressures are exposing a broader sustainability gap that now poses a software supply chain security and resilience risk.

“Package registries sit at the front lines of software supply chain security and resilience,” said Christopher Robinson, Chief Technology Officer and Chief Security Architect at the Open Source Security Foundation. “As the pace of consumption, publishing, and attack activity accelerates, the stewardship behind these systems has to evolve as well. This initiative will be an important venue for registry leaders and ecosystem stakeholders to align on practical, community-minded ways to sustain the infrastructure on which modern software depends.”

Building off of the Joint Statement on Sustainable Stewardship, core objectives of the Sustaining Package Registries Working Group include:

  • Economic sustainability: Develop funding models registries can adopt to cover infrastructure, operations, maintainers, and governance costs.
  • Collective defense: Foster coordinated security practices and information sharing across registries to help the ecosystem detect and respond to threats more effectively.
  • Governance enablement: Craft shared policy frameworks and standardized terms to support sustainable funding models.
  • Ecosystem education and transparency: Create aligned communications and educational content that helps the ecosystem better understand registry sustainability efforts.

“Open source registries are no longer passive distribution points. They are operational and security-critical systems sitting in the path of nearly every modern software build,” said Brian Fox, Co-founder and CTO of Sonatype. “If we want the software supply chain to remain resilient, we need a serious conversation about how these platforms are funded, governed, and sustained at global scale. It’s time to treat registry sustainability as a shared responsibility across the software industry.”

For an update on the Working Group’s activities, read the latest Joint Statement: Open Infrastructure Is Not Free, Part II: The Hidden Cost of Running Package Registries.

About Sonatype

Sonatype is the leader in AI-driven DevSecOps. As the maintainers of Maven Central and creators of Nexus Repository, Sonatype has spent two decades pioneering how the world manages and secures open source software — making Sonatype the trusted authority for modern software supply chains. With unmatched open source visibility and a unified product suite built for modern software development, Sonatype gives enterprises the intelligence and automated governance they need to harness the full potential of open source and AI. Sonatype handles the complexity behind the scenes: guiding component and model selection, blocking harmful malicious code, automating dependency and vulnerability management, and ensuring faster, more reliable builds — so developers spend more time on innovation and less time on remediation and rework. Trusted by more than 15 million developers, Sonatype helps power secure, modern software development at nearly 2,000 global organizations including 70% of the Fortune 100. To learn more about Sonatype, please visit www.sonatype.com.