Building an authoritative voice on software security
In the wake of a critical software flaw in Log4j, open source software security took centre stage, dominating headlines and prompting US government intervention. Already a regular commentator on open source security as a result of its work with Babel, Sonatype wanted to be a key voice in the media conversation – but competition for airtime was fierce.
As soon as the Log4j news broke, Babel created a unique point of view for Sonatype, highlighting how the vulnerability’s impact could be mitigated. To establish Sonatype as the authority on the issue, comments were underpinned by data from Maven Central, which Sonatype manages, revealing the extent of the problem globally and showing the number of daily downloads of the vulnerable version. After issuing commentary to top-tier media, Babel continued to leverage the data and Sonatype’s unique insights. The team developed a media alert a month after the initial disclosure, revealing that 40% of Log4j downloads were still critically vulnerable. The data was also used to support the wider thought leadership campaign and as the basis of a virtual media roundtable with the Financial Times.
The data was instrumental in engaging influential outlets and creating a differentiated position for Sonatype, resulting in coverage in the likes of BBC News, Computer Weekly, The Stack, Computing, The Register, and ZDNet. This extensive media coverage ensured that Sonatype owned the Log4j conversation, securing a 56% share of voice on the issue over the company’s top five competitors.
March 26, 2023