
Sonatype Software Directly Addresses Newly Released Security Control Guidelines from FS-ISAC for the Financial Services Industry

Published: December 10, 2013 09:08

Fulton, Md. – December 10, 2013 – Sonatype, the software company that enables developers to rapidly build secure software while also eliminating compliance and licensing risk, announced that its software directly addresses newly released FS-ISAC (Financial Services Information Sharing and Analysis Center) security controls for open source components.

The new FS-ISAC guidance provides recommendations regarding open source libraries and components. Specifically, it recommends that financial institutions apply policy management and enforcement, as well as inventory management, to the open source libraries used across their application portfolio.

Today, 90 percent of the typical enterprise application is composed of open source components. These reusable building blocks provide easy access to innovation and enable vastly more efficient software development. The downside is that without proper insight and governance, organizations are exposed to crippling attacks, licensing liability, and compliance risk. In a recent study, 71 percent of applications were found to contain components with known security flaws classified as severe or critical, and an alarming 76 percent of organizations have no component management policies in place.*

With automated governance, monitoring, and alerts, Sonatype Component Lifecycle Management allows enterprises to accurately identify flawed components and proactively remediate them throughout the software development lifecycle. Five of the world's largest banks, multiple multinational corporations, and several of the United States' largest government agencies have recently enlisted Sonatype to help them address what is, for many, an application security crisis.

FS-ISAC White Paper: Third Party Software Security Working Group - "Appropriate Software Security Control Types for Third Party Service and Product Providers."

About Sonatype:
Sonatype's software protects the world's enterprise software applications from security, compliance, and licensing risks while reducing application development and deployment time. Every day, millions of developers build software applications from open source building blocks, known as components. Customers rely on Sonatype software to select and use the best components from the start of the development lifecycle, so that trustworthy applications can also meet release deadlines. Policy automation, ongoing monitoring, and proactive alerts ensure these applications remain secure over time. Sonatype is privately held with investments from New Enterprise Associates (NEA), Accel Partners, Bay Partners, Hummer Winblad Venture Partners and Morgenthaler Ventures.

* SOURCES: Analysis of the Central Repository, 1000+ Repository and Application Healthchecks, and Sonatype's 2013 survey of 3,500 developers, architects and managers across industries and geographies.