
📍 Find us at Booth #4427
Book a Meeting
with us at RSAC!
Connect with the Sonatype Team
Book a meeting for a chance to secure a pair of Ray-Ban Meta Glasses. ⤵️
The software supply chain is under attack — from open source malware to AI-driven threats. At RSAC, Sonatype is bringing expert insights, cutting-edge solutions, and real-world strategies to help organizations build securely, ship faster, and stay ahead of emerging risks.
Join us at Booth 4427 to:
- Learn what's new with Repository Firewall
- Test your skills at telling (open) source malware from a safe component
- Meet our security experts
- Discover the latest in AI governance, SBOM management, and open source risk mitigation
Explore how Sonatype can help your organization build secure, resilient software—without slowing down innovation.
Schedule a 1:1 meeting or demo the latest from Sonatype’s platform.
The Future of Software Security Starts Here
Keeping your software supply chain secure starts with access to the best data. Stop by the booth to learn how you can find and defend against open source malware and vulnerabilities.
- 70% more vulnerabilities found than alternate databases
- 2.8M+ malicious downloads prevented
- 90% faster time to vulnerability remediation
- 0.01% false positive rate
Visit us and get a copy of the 10th Annual State of the Software Supply Chain Report. Brian Fox, Sonatype CTO and Co-founder, will be signing books and answering questions. Stop by to get a signed copy.
- APRIL 29 | 12:00 PM PDT
- APRIL 30 | 2:30 PM PDT
Visit Us at One of These RSAC Sessions
AI and Security: Securing AI-Powered Development and Applications
Monday, April 28th 2:30 PM - 3:00 PM PDT
As organizations adopt AI-powered development tools, AI agents, and agentic coding, new security challenges and opportunities emerge that demand strategic attention. Our panel will examine how AI is simultaneously revolutionizing both application development practices and security approaches, creating rapidly changing threat models for protecting software development augmented by AI. Participants will gain practical insights on the evolving threat landscape, practical steps to take now and in the future, and how to prepare their organizations for this transformative shift.
Tyler Warden
SVP, Product
Open Source Malware: What is It and How to Defend
Tuesday, April 29th at 5:10 PM PDT
Threat actors are increasingly targeting development pipelines with open source malware, a uniquely dangerous threat that is proliferating with 200%+ growth year-over-year. This talk will dive into the most prominent types of open source malware, why and how it’s different from traditional malware, best practices for defense, and insights into how the attack vector will evolve.
Tyler Warden
SVP, Product
Unpickling PyTorch: Keeping Malicious AI Out Of The Enterprise
Wednesday, April 30th at 8:30 AM PDT
PyTorch is a go-to framework for organizations building their own LLMs. But how can you be sure you aren’t accidentally running malicious code? Existing tools that examine the unpickling process produce false positives, posing more questions than answers. This session will demonstrate a new method for developers to identify and extract malicious code before it runs, keeping AI models safe.
Trevor Madge | Andrew Stein
Senior Data Engineer | Principal Data Engineer
Software Supply Chain Security, AI, and Regulation
Thursday, May 1st at 10:50 AM - 11:40 AM PDT
Examine how AI adoption and evolving regulations reshape the software supply chain security landscape. Analysts and experts will analyze emerging trends, compliance requirements, and AI's dual role as both risk and solution, offering practical insights for security teams adapting to these modern, interconnected challenges.
Tyler Warden
SVP, Product