In IT it is especially easy to get caught up in the How of just about any facet of our work. It all seems so mechanical, just tell me what tools to use and how you want it architected and we can go bang out a solution, it's what we do. DevOps and DevSecOps have been no different as we tend to focus on the CI/CD pipelines and which tools to integrate into it. Hopefully this article will ground us in what DevOps is when we pull back the curtain and why that matters.

Last Monday, the open source developer community woke up to news that GitHub was being acquired by Microsoft for an incredible $7.5 billion. For many, there was an emotional response to the announcement. And, understandably so. GitHub is not just a place to put code, but it’s a venue for collaboration, expression and discovery. No one wants that to change, and with Microsoft’s involvement, I don’t think it will. It’s only going to get stronger.

Security vulnerabilities in open source software are a fact of life. Sonatype has extensive automated monitoring systems in place designed to discover zero days prior to their public disclosure.