Sonatype
YouTube Video
Sonatype
Blog Post
  • This article published yesterday in Gizmodo, and this one published this morning in the Wall Street Journal, shed light on what Rick Smith, former Equifax CEO, will say today to Congress when he testifies on the series of cyber security missteps that led to their recent massive hack.

Sonatype
Blog Post
  • We at Sonatype spend a lot of time talking about shifting application security and OSS governance to the left and rightfully so. Like so many other 'quality' attributes the key to going faster is to get your feedback much earlier in the process and essentially build quality in instead of trying to test/inspect it in later.

Sonatype
Blog Post
  • Ever since we got the Nexus Repository Manager certified for use in OpenShift I get a lot of questions about what that means and how to use it. To that end I wanted to share how I have been dipping my own toes into this water to better understand how to answer these questions myself.

Sonatype
Blog Post
  • Here at Sonatype we spend a lot of time and energy talking about 'security' and DevSecOps and rightfully so as we have a very strong story in this regard. However, I want to take some time and dig a little bit deeper into our least talked about persona that can benefit from an automated policy, the Architects. Whether you're an enterprise architect or an application architect I think y...

Sonatype
Blog Post
  • I’ve spent a ton of time over the past few weeks chatting with different folks about GDPR and how this soon-to-be-enforced EU regulation is contributing to a rising tide of interest in best practices for IT risk management and open source governance.

Sonatype
Blog Post
  • The breach at Equifax is a siren call. It's time for organizations to approach the problem of managing open source software by using automated technology, not manual processes. In this video, Ilkka Turunen walks through how Nexus Lifecycle would have alerted an organization to its use of an open source component with a known vulnerability, and then shown steps to remediation.

Sonatype
YouTube Video
  • The breach at Equifax is a siren call. It's time for organizations to approach the problem of managing open source software by using automated technology, not manual processes. In this video, Ilkka walks through how Nexus Lifecycle would have alerted an organization to its use of an open source component with a known vulnerability, and then shown steps to remediation. https://www.sonatype.com/nexu...

Sonatype
Blog Post
  • In 1965, Ralph Nader became a household name with the publication of “Unsafe at Any Speed”, his pointed critique of the serious safety risks foisted upon consumers by the American automotive industry at the time. The oligarchs, ahem, leaders of this industry remained complacent with the delivery of their killing machines, emboldened further by an inept, if not corrupt, Federal Trade Co...

Sonatype
Blog Post
  • In our continuing series on the Struts2 vulnerability announcement and the breach at Equifax, we spoke with Mark Thomas, Director, Apache Software Foundation, and Brian Fox, CTO, Sonatype to clarify the processes ASF goes through when a vulnerability is found within one of their projects.

Sonatype
YouTube Video
  • In our continuing series on the Struts2 vulnerability announcement and the breach at Equifax, we spoke with Mark Thomas, Director, Apache Software Foundation, and Brian Fox, CTO, Sonatype to clarify the processes ASF goes through when a vulnerability is found within one of their projects. About Mark Thomas Mark is currently employed by Pivotal where he spends most of his time working on Apache To...

Sonatype
Blog Post
  • With the acknowledgement by Equifax that the massive breach of over 143 million customer records was caused by an unpatched vulnerability in Struts2, we try and slow down a bit to talk about who is responsible for this, the creators of the open source solutions or the people who use them. In this broadcast, we speak with David Blevins, CEO of Tomitribe and Brian Fox, CTO of Sonatype.

Sonatype
Blog Post
  • Last week Equifax announced that it had suffered a massive security breach that exposed Social Security numbers and addresses of up to 143 million Americans and 40 million more people in the UK. Equifax said the breach happened between mid-May and July 2017. It discovered the hack on July 29. It informed the public on September 7.

Sonatype
Blog Post
  • I am pleased to announce that we recently released Nexus Lifecycle XC which includes expanded coverage for a larger ecosystem of languages including Ruby, PHP, Swift, Cocoapods and others. As we promised earlier this summer with the announcement of XC, Sonatype now provides a win-win intelligence engine that combines the depth of Lifecycle data for machine automated open source control...

Sonatype
Blog Post
  • In January 2016, Laksh Raghavan of PayPal wrote about how his company managed their response to a critical Java open source component vulnerability in one of their applications.  Similar to the vulnerable Struts2 component being implicated in last week's Equifax breach of 143 million consumer records, the vulnerability at PayPal would allow for remote execution of code -- the most crit...
