News Releases

Sonatype Names Prominent Security Strategist Joshua Corman as CTO

Published: January 16, 2014 12:07

Fulton, Md. – Jan. 16, 2014 Sonatype, the software company that enables developers to rapidly build secure software while also eliminating compliance and licensing risk, today announced the hiring of respected IT security strategist, advocate, and philosopher Joshua Corman as the company’s Chief Technology Officer.

Prior to Sonatype, Corman served as a security researcher and executive at Akamai Technologies, The 451 Group, and IBM Internet Security Systems, among other firms. A well-regarded innovator, he co-founded Rugged Software and IamTheCavalry to encourage the development of new cyber security solutions in response to the world’s increasing reliance on digital infrastructure. Corman’s unique approach to addressing cyber security in the context of human factors and social impact has helped position him as one of the most trusted names in IT security. He also serves as adjunct faculty for Carnegie Mellon’s Heinze College, IANS Research, and as a Fellow at the Ponemon Institute.

In his capacity as CTO, Corman will research new technologies and software development trends to help evolve Sonatype’s product strategy. Additionally, Josh will work with the broader IT community as well as policy and standards bodies to improve software development security standards and best practices.

“We are thrilled to have Josh on board,” said Wayne Jackson, CEO, Sonatype. “As a highly trusted IT security practitioner and thought leader, Josh shares our passion and concern for properly securing enterprise software applications in a rapidly changing world. His community reach and command of technology will serve Sonatype, the user community, and businesses at large well.”

“Our dependence on software is growing faster than our ability to secure it. Afterthought security alone cannot keep pace,” said Joshua Corman, CTO, Sonatype. “I look forward to working with Sonatype to drive more defensible and dependable software practices – at scale and earlier in the lifecycle. As 3rd party and open source components are the backbone of most modern software, I believe Sonatype addresses a critical and neglected piece of the puzzle and will have significant impact.”

Today, 90 percent of the typical enterprise application is comprised of 3rd party and open source building blocks, known as components. These reusable components allow for great speed, efficiency and innovation. The downside is that without proper insight and governance, organizations risk crippling attacks, licensing liability, and compliance exposure. 71 percent of applications contain components with known security flaws classified as severe or critical and an alarming 76 percent of all organizations have no component management policies in place.

With automated governance, monitoring, and alerts, Sonatype Component Lifecycle Management enables enterprises to accurately identify flawed components and proactively fix these components throughout the software development lifecycle. Five of the world’s largest banks, multiple multinational corporations, and several of the United States’ largest government agencies have recently enlisted Sonatype to assist them in addressing what is, for many, an application security crisis.

About Sonatype:

Sonatype’s software protects the world’s enterprise software applications from security, compliance, and licensing risks, while reducing application development and deployment time. Every day, millions of developers build software applications from open source building blocks, known as components. Customers rely on Sonatype software to select and use the best components from the start of the development lifecycle so that trustworthy applications can also meet release deadlines. Policy automation, ongoing monitoring, and proactive alerts ensure these applications remain secure over time. Sonatype is privately held with investments from New Enterprise Associates (NEA), Accel Partners, Bay Partners, Hummer Winblad Venture Partners, and Morgenthaler Ventures. Visit: