Published May 09, 2013 08:00
The rise of open-source, component-based development hasn’t come without risks, according to the Open Web Application Security Project’s (OWASP) 2013 Top 10 list.
more
Published May 06, 2013 08:00
Sonatype Component Lifecycle Management (CLM) is Network World's product of the week for 5/6/13.
more
Published May 02, 2013 08:00
Open source component use continues to skyrocket with applications now more than 80 percent component-based, while at the same time organizations continue to struggle with establishing policy to secure and govern component use. According to the Sonatype survey, 76 percent of organizations have no component management policies in-place.
more
Published May 01, 2013 08:00
When it comes to developing applications, open-source component use continues to skyrocket. And like operating systems or databases, open-source components represent a rich attack vector for hackers to exploit given their commonality across organizations and applications.
more
Published May 01, 2013 08:00
Open source is losing (process) control
more
Published May 01, 2013 08:00
Sonatype Open Source Development Survey suggests failings at developmental management level
more
Published April 30, 2013 13:16
The annual Sonatype survey suggests enterprise application developers are leaving huge security holes open with their use of open source components.
more
Published April 30, 2013 08:00
Sonatype, the leader in Component Lifecycle Management (CLM), today introduced a revolutionary new approach to application security which significantly reduces the risk in using freely available, open source software (OSS) components. Sonatype CLM is the first and only solution to secure the entire component lifecycle – from design, development and deployment through production operations.
more
Published April 30, 2013 08:00
A significant portion of software is assembled using open source components and frameworks downloaded from public repositories, according to a software development survey.
more![Dark Reading](/system/images/W1siZiIsIjIwMTMvMDUvMDEvMTYvMjgvNTAvNTMzL25ld3Nfc291cmNlX2RhcmtfcmVhZGluZy5wbmciXV0/news_source_dark_reading.png")
Published April 30, 2013 08:00
The Open Web Application Security Project adds common software components to its list of threats to spur developers to look more deeply at software libraries
more
Published April 30, 2013 08:00
Sonatype's annual survey of 3,500 software developers and shows struggle in setting corporate policy on open source and enforcing it
more
Published April 19, 2013 08:00
It’s not uncommon for a software application today to consist of 80% or more open-source components, which explains enterprises’ growing use of repository managers, solutions that help them govern what open-source components are being used by their developers.
more
Published March 17, 2013 03:41
Open source software is an easy punching bag when security breaches arise. But getting rid of open source isn’t the answer — it is too valuable. Instead, we need to take some key steps to ensure the security of components throughout development.
more
Published March 13, 2013 04:45
Researchers discuss relative risks and potential remedies
more
Published March 01, 2013 04:52
There is a dynamic shift occurring in the software development landscape. No longer are applications written, today most are assembled using open source components. The growing reliance on externally sourced, open-source components as core building blocks for modern application development, coupled with the complexity of the ecosystem, has ushered in new risks for the software supply chain. This article will explore the licensing, security, and quality risks associated with component-based development and its direct impact on the integrity of the software supply chain.
more
Published January 18, 2013 09:29
There are reports of the discovery of a remote code execution flaw in the Spring Framework, but many are not mentioning that the flaw in question was fixed over a year ago and that what has been found is actually a new way to exploit that old flaw. In 2011, a "variable" severity flaw, identified as CVE-2011-2730, was discovered by two researchers in versions 3.0.0 to 3.0.5, 2.5.0 to 2.5.6SEC02 and 2.5.0 to 2.5.7SR01. more
Published January 17, 2013 09:31
There's a major flaw in the Java-based Spring Framework open-source development code that allows remote-code execution by attackers against applications built with it, according to the security firm Aspect Security, which identified the flaw. more
Published January 17, 2013 09:20
Spring Framework, an open-source Java development framework developed by SpringSource and used by software developers to produce business-critical applications, includes a vulnerability that could lead to remote code execution. more
Published January 16, 2013 09:24
Another Web framework, another flaw. Just days after Ruby on Rails maintainers closed bugs in the popular Web framework, researchers highlighted a remote injection vulnerability in the Spring Framework and associated problems that went along with it. more
Published January 15, 2013 10:50
Software company Sonatype has named Ryan Berg as Chief Security Officer. more
