Sonatype news stories
Sonatype and HackerOne partner on open source vulnerability reporting
Without a standard for responsible disclosure, even those who want to disclose vulnerabilities responsibly can get frustrated with the process.
Huge vulnerabilities in software supply chain being exploited
A revealing report finds that breaches are rising and response times are falling, largely because of shoddy software development practices.