DevOps Days

DevOps Days Melbourne

Date: July 16 - 17, 2015
Location: Melbourne Convention and Exhibition Centre - Melbourne, Australia

Sonatype is a silver sponsor for DevOps Days Melbourne!

more
Sonatype Webinar

Carahsoft and Sonatype Partnership Kickoff Webcast: Public Sector Software Development

Original Broadcast Date: June 10, 2015

As usage of Open Source Software increases in public sector and mission critical applications, it is important to continually secure the supply chain and select the safest components available. View this webinar to see how Sonatype's Nexus Lifecycle product help you quickly and proactively find and replace flawed open source from your software ecosystem and achieve comprehensive and lasting governance across the entire software supply chain. View now.

more

Programmers are copying security flaws into your software, researchers warn

It's easy to assume that hackers work way above our pay grade. Electronic intruders must be able to exploit vulnerabilities in the software we use because they're evil geniuses, right? That may be the case in some very sophisticated attacks, experts say, but in others, not so much. Programmers -- the people who create the software -- don't write all their code from scratch, instead borrowing freely from others' work. The problem: they're not vetting the code for security problems.

more

Study of 106,000 Software Development Organizations Reveals That The Way the World Creates Software is Broken

23% of the Components in the Average Software Application Contain Known Vulnerabilities

FULTON, Md., June 17, 2015 /PRNewswire/ -- Sonatype today released the results of an extensive study of the software development practices of 106,000 organizations representing 17 billion requests for open source and third party software components from the Central Repository in 2014 alone. The study revealed that the way the world creates software is broken – with 23% of the components in the average software application containing known vulnerabilities.

more

Software Applications Have on Average 24 Vulnerabilities Inherited from Buggy Components

Many commercial software companies and enterprise in-house developers are churning out applications that are insecure by design due to the rapid and often uncontrolled use of open-source components. Even worse, these software makers wouldn’t be able to tell which of their applications are affected by a known component flaw even if they wanted to because of poor inventory practices.There’s a supply chain discipline to how companies from the various manufacturing industries source their components and track where they use them, that the software development industry has not yet embraced, said Joshua Corman, Sonatype’s CTO.

more
Sonatype Webinar

Webinar: New Research Reveals 24 Vulnerabilities in the Average Application

On-Demand Recording: Streamed June 24, 2015

Hear the results of an extensive analysis of open source usage across 106,000 development organizations. We’ll be drawing analogies between modern software development and traditional manufacturing supply chains, focusing on proven steps to improve speed, efficiency and quality.

Walk away with best practices and industry benchmarks you can use to better align your development efforts against well established supply chain principles.

more

Sonatype Facilitates DevOps Approach to App Dev

Applications are rarely built from scratch today, but rather tend to leverage myriad tools and libraries as organizations increasingly move to a rapid deployment DevOps style of IT. "We're unifying our combination of solutions as a platform, so that organizations can get the full perspective on how software is built," Wayne Jackson, Sonatype's CEO, told Enterprise Apps Today. "It's a full-on embrace of the role that supply chain concepts play in the context of DevOps."

more

Learning by Example: What software developers can learn from Toyota about supply chains.

Software developers can learn a lot from the example of car manufacturing. Both stand to benefit from reducing the complexity in their supply chains and gaining more control over the parts they use. The software supply chain is growing increasingly complicated, and with that complexity comes challenges. As complexity continues to grow, software supply chain automation will usher in a new era for application development efficiency that drives increases in innovation, productivity, cost savings, and control over risk.

more
Devopscom News Source

Security, DevOps and the shift to a software supply chain

Josh Corman, Sonatype CTO and Gene Kim, author of The Phoenix Project, believe that the ultimate Zen state to strive for in software delivery is a "software supply chain. This makes you even faster than DevOps–even more efficient and with higher quality and risk mitigation without tradeoffs.” The idea of the software supply chain further builds on the lean manufacturing principles of W. Edwards Deming, who many in the Agile and DevOps worlds see as the spiritual grandfather of these movements.

more
FBC logo

NSA Information Assurance Symposium

Date: June 29- July 1, 2015
Location: Walter E. Washington Convention Center Ballroom - Washington, D.C.

The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings, policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia.

more
Devopscom News Source

A True Story: DevOps(Sec) Manages Out Elective Risks

Bill boosted developer productivity by 15% last year after taking a closer look at the company's software supply chain. And this approach isn't unique to Bill's organization. Many high performance IT and DevOps teams are adopting proven supply chain principles to accelerate software delivery.

more
Jenkins logo

Jenkins User Conference Santa Clara

Date: September 2-3, 2015
Location: Santa Clara Convention Center

The world’s biggest conference for Jenkins users, by Jenkins users. Come learn how to optimize Jenkins across the software delivery process! Sonatype is proud to be a platinum sponsor for the event.

more

Sonatype’s Nexus Repository Manager Installs Double in Last 18 Months, Reinforcing Dominant Market Share Position

Fulton, MD – February 26, 2015 – Sonatype, the Nexus company and a continuous delivery leader, today announced that its Nexus repository manager usage has doubled in the last 18 months (July 2013 to February 2015.) With five times more installs than any other repository manager, Nexus continues to be the industry standard for accelerating continuous software delivery and DevOps.

more

Growing Open Source Use Heightens Enterprise Security Risks

Companies often have little clue about the extent of third-party code in the enterprise or the risks it poses, security experts say. The data breaches disclosed earlier this month at Park ‘N Fly and OneStopParking.com, two major airport parking services, highlight the continuing risk that enterprises face from using open-source software in their environments without a plan for managing it. The breaches were another reminder of how flaws in third-party software can sometimes cause major headaches for companies that are not prepared for them.

more

How secure are your open source-based systems?

The use of open source in federal systems is attracting scrutiny. In December, House Committee on Foreign Affairs Chairman Ed Royce (R-Calif.) and Rep. Lynn Jenkins (R-Kan.) introduced the Cyber Supply Chain and Transparency Act of 2014 (H.R. 5793) that would have required any supplier of software to the federal government to identify which third-party and open source components are used and verify that they do not include known vulnerabilities for which a less vulnerable alternative is available. One way to check if your systems are comprised is with an Application Health Check that provides a free breakdown of every component in an application and alerts IT managers to potential security and licensing problems.

more

US Congress Intervenes to Address Cyber Security Crisis with Software Supply Chain Focus; Sonatype Introduces Free Application Health Check to Support Government Agencies and Software Providers

Fulton, MD – December 10, 2014 – Sonatype, a software company that enables developers to easily build software applications while significantly reducing security, compliance, and licensing risks, today released a free Application Health Check to immediately alert federal agencies and software suppliers about known vulnerable open source components and where they exist within an application.

more

Sonatype CTO Honored as Thought Leader

The most popular phrase to come out of the Spider-Man stories—“With great power, comes great responsibility”—hit close to home for Joshua Corman, CTO at Sonatype, who longed to be a superhero at a young age, but settled for being a protector in the IT security world. Corman believes that great power comes from protecting technology. Exposed to technologies at a young age by his father—whom he cites as an inspiration—Corman's interest grew into a successful career where he is considered a respected innovator.

more

Sonatype’s New Software Release Determines OSS Risk and Provides Immediate Path to Resolution

Fulton, MD – November 17, 2014 – Sonatype, a software company that enables developers to easily build software applications while significantly reducing security, compliance, and licensing risks, today released a new version of its Component Lifecycle Management (CLM) software. An industry first, developers can now avoid security risks without missing business-critical delivery deadlines.

more

Sonatype aims to help developers reduce risk from open-source components

Software developers use a large number of open-source components, often oblivious to the security risks they introduce or the vulnerabilities that are later discovered in them.

Sonatype, a company that helps developers manage open-source components across different applications, attempts to solve this long-standing problem with a new version of its Component Lifecycle Management (CLM) product, released Friday.

more

Nexus Live: October 9, 2014 1:00pm EDT, TheNEXUS Community Sneak Peak

On-Demand Recording: Streamed October 9, 2014

During the October 2014 broadcast of Nexus Live we were able to catch up with Gene Kim and Josh Corman to find out what’s in store for the DevOps Enterprise Summit in the Bay Area at the end of the month. We also took a quick look at TheNEXUS, the new community site for Nexus, Nexus Pro and CLM. Take a look.

more

Sonatype Brings NuGet Component Management to .NET Developer Community

Fulton, MD – October 1, 2014 – Sonatype, a software company that enables developers to easily build software applications while significantly reducing security, compliance, and licensing risks, today announced free NuGet package support through its open source component manager – Nexus OSS. As developers are consuming an ever-increasing number of open source components -- now approaching 250 million downloads annually – the .NET community is seeking to improve build performance and stability through the use of component managers. This trend mirrors the evolution in the Java development environments where there are 13 billion open source component download requests managed annually. More than 40,000 organizations and teams seeking to improve their open source development performance and security have turned to Sonatype’s Nexus component managers -- all of which can now leverage available NuGet support.

more

Fixing HealthCare.gov security

In a report released Tuesday, the Government Accountability Office found problems in the "technical controls protecting the confidentiality, integrity and availability" of the federally facilitated marketplace (FFM), which is the area of the site to buy health insurance.

more

Awards

Codie INC 500 Red Herring SD Times NVTC RSA Gartner