After Heartbleed Bug, A Race to Plug Internet Hole

Popular websites and millions of Internet users scrambled to update software and change passwords Wednesday, after a security bug in crucial encryption code was disclosed sooner than researchers had planned.

Facebook Inc. and Yahoo Inc.'s blogging site Tumblr advised users to change their passwords because of the so-called Heartbleed bug. Canada's tax agency shut its filing website as a precaution, weeks before its April 30 filing deadline.

Websites for Airbnb Inc., the Four Seasons hotel chain and Netflix Inc. were vulnerable for a time, said Wayne Jackson, CEO of Sonatype Inc., which manages open-source software. Airbnb and Netflix said they had updated their software. Four Seasons didn't immediately respond to a request for comment.

Sonatype Press Release

Heartbleed bug. What you need to know.

Security researchers have uncovered a fatal flaw in a key safety feature for surfing the Web – the one that keeps your email, banking, shopping, passwords and communications private.


OWASP Atlanta Meetup - Hidden Risks of Component Based Development

Date: May 22, 2014
Time: 6:00 PM EDT

Join Ryan Berg as he shares real world data on component risks, outlines the scope of the problem, and proposes approaches for managing these risks. You'll learn how security professionals can work cooperatively with application developers to reduce risk AND boost developer efficiency.


Infosec Europe

Sonatype is leading the component revolution. The company’s innovative Component Lifecycle Management products enable organizations to realize the promise of agile, component-based software development while avoiding security, quality and licensing risks. Visit Sonatype at booth L73 to learn more about how we help organizations build trusted software and keep it trusted over time.

FS-ISAC Spring Summit 2014

In December of 2013, the FS-ISAC Third Party Software Security Working Group released new controls to manage risk associated with open source libraries and components.

These controls recommend financial institutions apply policy management and enforcement as well as inventory management for open source libraries and components used in their application portfolio. To learn more about best practices for managing risk from 3rd party software and open source components, stop by our booth.


Great Wide Open

Sonatype’s CSO, Ryan Berg, will be presenting at the Great Wide Open event on Thursday, April 3rd at 2:30 – 3:15.

AFCEA Homeland Security Conference

Sonatype is a committed partner and contributing member to the software assurance framework where we are providing our technology to help ensure practitioners and managers are building and delivering high quality software free of defects and flaws.

Sonatype And HP Integrate To Secure Cloud Components

Software development is increasingly being typified by a componentized approach. A single application might consist of code and component modules from a multitude of different sources. While this increases agility and allows developers to truly utilize best of breed aspects of the application, it also creates a minefield of security issues.


Sonatype Adds 3rd Party & Open Source Component Visibility to HP Fortify on Demand

SAN FRANCISCO, CA – February 24, 2014 – Sonatype, the software company that enables developers to rapidly build secure software while also eliminating compliance and licensing risk, today announced that its component lifecycle management (CLM) analysis technology has been integrated with HP’s cloud-based software security solution – HP Fortify on Demand.


Sonatype debuts latest to protect the world's enterprise software applications from security, compliance, and licensing threats

Today, 90 percent of the typical enterprise application is comprised of open source building blocks, known as components. These reusable components allow for great speed, efficiency and innovation. The downside is that without proper insight and governance, organizations risk crippling attacks, licensing liability, and compliance exposure. 71 percent of applications contain components with known security flaws classified as severe or critical, and an alarming 76 percent of all organizations have no component management policies in place.

Awards

Codie INC 500 Red Herring SD Times NVTC RSA Gartner