<iframe src="//www.googletagmanager.com/ns.html?id=GTM-TT8R4P" height="0" width="0" style="display:none;visibility:hidden">

Media

Stay current on Sonatype news.
GCN

July 22, 2016 - Protecting the open source software supply chain

What: The 2016 State of the Software Supply Chain report from Sonatype detailing the use of open source components in software. Why: Because 80 to 90 percent of today’s software applications are made of component parts, and increasingly, open source components,  defect rates and security and quality issues abound within the software supply chain. Adopting supply chain automation principles, however, could reduce vulnerabilities.

CSO

July 11, 2016 - Enterprise software developers continue to use flawed code in apps

The use of third-party code in enterprise software projects is growing fast, but the used code often has known flaws. 
Dive Logo

July 11, 2016 - Report: Enterprises more reliant on open source and third-party software components

The software supply chain is booming and enterprises are frequently turning to open source and third party software components to decrease the amount of code they have to write, which helps accelerate deployment cycles, according to Sonatype’s 2016 State of the Software Supply Chain report released Monday.
esecurity

July 11, 2016 - Room for Application Security Improvement

Application security suffers from the indiscriminate use of open source software components, finds Sonatype research.
LOGO_SDTimes_copy-1.png

July 11, 2016 - The State of the Software Supply Chain report

Open-source software is being used more than ever, yet practices for sourcing the software are inefficient and vulnerabilities are pervasive, according to a report from supply-chain automation provider Sonatype. 
LOGO_SDTimes_copy.png

April 13, 2016 - Sonatype launches new Nexus Universal Repository Manager

Sonatype, the leader in software supply chain automation, today released the latest version of Nexus Repository, adding free support for seven of the most popular software component types. Additionally, Sonatype announced that Nexus Repository has now surpassed 100,000 active installations, including a majority of the Fortune 100, and continues to experience massive growth in usage. 
the_wall_street_journal.jpg

Feb 4, 2016 — Goldman Sachs Leads $30M Round in Sonatype

Goldman Sachs has led a $30 million investment in software developer Sonatype to help protect the quality of its open source software.
Washington-post-logo-thumb.jpg

Feb 4, 2016 — Md.-based cyber firm picks up $30 million led by Goldman Sachs

Jackson said helping Goldman with its own software infrastructure led to the financing announced Thursday. If the institution hadn’t been a customer, he says, “they probably never would have found us.”
fortune_logo.png

Feb 4, 2016 — Goldman Sachs Leads $30 Million Investment in Software Supply Chain Fixer

Don Duet, who co-leads the tech division at Goldman, cited the growing importance of open source code at his company as justification for the deal. “Today, open source components underpin a vast majority of our most mission-critical applications at the firm,” he said in a statement.
techcrunch_logo-1.png

Feb 4, 2016 — Sonatype Snares $30 Million Investment Led By Goldman Sachs

Sonatype, a company that helps customers create automated, policy-driven software component security, announced a $30 million round today led by Goldman Sachs.
cnn_money_copy.png

Dec 15, 2015 — Unwritten Rules of Hacking

Sonatype CTO Josh Corman is featured in CNN Money news segment from DefCon 2015 in Las Vegas, discussing white hat hacking as a force for good.
Forbes-logo.jpg

Dec 14, 2015 — Safer Open Source Code Inside The Enterprise – Sonatype Nexus Firewall

Given this new proliferation of open source software components, we are starting to see automation controls come forward to help control these essentially dynamic and constantly developing code bases. 
hp-enterprise-logo.png

Nov 20, 2015 — Who let security into DevOps?

Josh Corman featured in a series that covers DevOps and SecOps, and securing the Internet of Things.
pc_world.png

Nov 13, 2015 — Thousands of Java applications vulnerable to nine-month-old remote code execution exploit

A popular Java library has a serious vulnerability, discovered over nine months ago, that continues to put thousands of Java applications and servers at risk of remote code execution attacks.
infoq_copy.png

Nov 13, 2015 — Twistlock Partners with Sonatype on Container Security

Twistlock have also partnered with Sonatype in order to help developers keep vulnerabilities out of the ‘left hand side’ of the image creation process.
mashable-logo_copy.png

Aug 18, 2015 — All the cyberattacks on the U.S. government (that we know of)

Federal agencies have suffered at least a dozen major data breaches or network intrusions since 2007. What's troubling is, experts say these are high-tech attacks trending toward an old-fashioned end: Espionage.
fox_business_copy.png

Aug 14, 2015 — Sonatype CTO, Josh Corman, interviewed on Fox Business News about a recent Verizon phone bill hack.

Sonatype CTO, Josh Corman, is interviewed on Fox Business News about cyber security and recent hacks on vehicles, medical devices and now a Verizon phone bill with a $117,000 charge.
cnbc_logo_copy-1.png

Aug 12, 2015 — CNBC Interview with Sonatype CTO, Josh Corman, about cyber security

CNBC interviews Sonatype CTO, Josh Corman, about a suspected Russian attack on the Pentagon with a discussion about the broader implications of cyber security.
InfoSecurity-Magazine.png

Jul 20, 2015 — When Good Code Goes Bad

Unlike other industries that rely on supply from other organizations, software development has no clear way to understand when an open source or proprietary component 'part' is found to be defective.
Cnet-logo-Pentagram_copy.png

Jun 23, 2015 — Programmers are copying security flaws into your software, researchers warn

Programmers -- the people who create the software -- don't write all their code from scratch, instead borrowing freely from others' work. The problem: they're not vetting the code for security problems.
cio_logo.jpg

Jun 16, 2015 — Software Applications Have on Average 24 Vulnerabilities Inherited from Buggy Components

Many commercial software companies and enterprise in-house developers are churning out applications that are insecure by design due to the rapid and often uncontrolled use of open-source components.
apps.png

Jun 1, 2015 — Sonatype Facilitates DevOps Approach to App Dev

Applications are rarely built from scratch today, but rather tend to leverage myriad tools and libraries as organizations increasingly move to a rapid deployment DevOps style of IT.
SoftwareMagLogoWeb.jpg

May 18, 2015 — Learning by Example: What software developers can learn from Toyota about supply chains

Software developers can learn a lot from the example of car manufacturing. Both stand to benefit from reducing the complexity in their supply chains and gaining more control over the parts they use.
darkreading.png

Jan 23, 2015 — Growing Open Source Use Heightens Enterprise Security Risks

The data breaches disclosed earlier this month at Park ‘N Fly and OneStopParking.com, two major airport parking services, highlight the continuing risk that enterprises face from using open-source software in their environments without a plan for managing it.
GCN_logo_copy.png

Jan 21, 2015 — How secure are your open source-based systems?

The Cyber Supply Chain and Transparency Act of 2014 requires any supplier of software to the federal government to identify which third-party and open source components are used and verify that they do not include known vulnerabilities for which a less vulnerable alternative is available.