#RSAC: Open-Source Software is a Public Health Hazard

Open-source software is cost-effective (in theory), easily accessible and represents a known development quantity that allows the pace of application innovation to accelerate. In fact, open-source components are found in 90% of software applications on the market today. There’s one issue: open-source also represents a vast, unpatched quagmire of cyber-risk that’s putting public safety at grave risk.

Devopscom News Source

A True Story: DevOps(Sec) Manages Out Elective Risks

Bill boosted developer productivity by 15% last year after taking a closer look at the company's software supply chain. And this approach isn't unique to Bill's organization. Many high performance IT and DevOps teams are adopting proven supply chain principles to accelerate software delivery.

Jenkins User Conference Santa Clara

Date: September 2-3, 2015
Location: Santa Clara Convention Center

The world’s biggest conference for Jenkins users, by Jenkins users. Come learn how to optimize Jenkins across the software delivery process! Sonatype is proud to be a platinum sponsor for the event.

Jenkins User Conference London

Date: June 23-24, 2015
Location: Hilton Metropole

The world’s biggest conference for Jenkins users, by Jenkins users. Come learn how to optimize Jenkins across the software delivery process! Sonatype is proud to be a platinum sponsor for the event.

Jenkins User Conference DC

Date: June 18-19, 2015
Location: Hilton Alexandria Mark Center

The world’s biggest conference for Jenkins users, by Jenkins users. Come learn how to optimize Jenkins across the software delivery process! Sonatype is proud to be a platinum sponsor for the event.

Devoxx

Date: June 17-19, 2015
Location: Business Design Center London

Devoxx UK is a conference focused on Java, web, mobile and JVM languages, and is run by top developer talent, community groups and expert event specialists. It takes place at the Business Design Centre, London, 17th – 19th June, 2015. Sonatype is proud to be a bronze sponsor for the event.

DevOps Days DC

Date: June 11-12, 2015
Location: US Patent & Trademark Office - Alexandria, VA

DevOpsDays is coming to Washington, DC! Whether you're in government, academia, or the private sector, DevOpsDays is for you. Whether you're in operations, development, QA, security, or any other department, DevOpsDays is for you. Whether you want to learn about DevOps, share your experiences, or just talk shop with DevOps practitioners, DevOpsDays is for you. Sonatype is proud to be a gold sponsor for this event.

DevOps Days Austin

Date: May 4-5, 2015
Location: The Marchesa - Austin

Sonatype is a gold sponsor for the DevOpsDays in Austin!

DevOps Days Toronto

Date: May 14-15, 2015
Location: Glenn Gould Studios in Toronto

Sonatype is a gold sponsor for the second DevOpsDays in Toronto!

Sonatype’s Nexus Repository Manager Installs Double in Last 18 Months, Reinforcing Dominant Market Share Position

Fulton, MD – February 26, 2015 – Sonatype, the Nexus company and a continuous delivery leader, today announced that its Nexus repository manager usage has doubled in the last 18 months (July 2013 to February 2015). With five times more installs than any other repository manager, Nexus continues to be the industry standard for accelerating continuous software delivery and DevOps.

QCon New York

Date: June 10-12, 2015
Location: New York Marriott at the Brooklyn Bridge

QCon empowers software development by facilitating the spread of knowledge and innovation in the developer community. A practitioner-driven conference, QCon is designed for technical team leads, architects, engineering directors, and project managers who influence innovation in their teams.

Velocity Santa Barbara

Date: May 27-29, 2015
Location: Santa Clara Convention Center, Santa Clara, CA

We’ve seen a lot of changes since the first Velocity seven years ago. Many ideas, memes, and technologies have emerged—some as a direct result of Velocity. We’re seeing a new way of doing things—optimizing not just your website, but optimizing the technology and culture of your entire business. It’s not just about the Web and fast pages any more.

DI2E Plugfest

Date: May 19, 2015
Location: George Mason University, Fairfax, VA

The DI2E Plugfest is the annual demonstration of advancements in the DI2E. The purpose is to provide an environment of networked, interoperable and reusable components, the Plugfest eXchange, where vendors are able to deploy and show their tools to provide flexible, agile and data-driven capabilities to Warfighters. Visit Sonatype at booth 211.

Growing Open Source Use Heightens Enterprise Security Risks

Companies often have little clue about the extent of third-party code in the enterprise or the risks it poses, security experts say. The data breaches disclosed earlier this month at Park ‘N Fly and OneStopParking.com, two major airport parking services, highlight the continuing risk that enterprises face from using open-source software in their environments without a plan for managing it. The breaches were another reminder of how flaws in third-party software can sometimes cause major headaches for companies that are not prepared for them.

How secure are your open source-based systems?

The use of open source in federal systems is attracting scrutiny. In December, House Committee on Foreign Affairs Chairman Ed Royce (R-Calif.) and Rep. Lynn Jenkins (R-Kan.) introduced the Cyber Supply Chain and Transparency Act of 2014 (H.R. 5793) that would have required any supplier of software to the federal government to identify which third-party and open source components are used and verify that they do not include known vulnerabilities for which a less vulnerable alternative is available. One way to check if your systems are compromised is with an Application Health Check that provides a free breakdown of every component in an application and alerts IT managers to potential security and licensing problems.

InfoSecurity EU

Date: June 2-4, 2015
Location: London, UK

Infosecurity Europe is Europe's number one information security event. Featuring over 345 exhibiting vendors and services suppliers with the most diverse range of new products and services, an unrivalled education program and over 15,000 industry professionals travelling from over 70 countries, it is the most important date in the calendar for Information Security professionals across Europe. Visit Sonatype at booth G172.

Gartner Security & Risk Management Summit

Date: June 8-11, 2015
Location: National Harbor, MD

This year’s Gartner Security & Risk Management Summit shows you how to find the balance between enabling your organization to move forward against its objectives while also protecting it, your customers and employees, so you can have faster business process and improved ROI. You’ll gain a comprehensive outlook into the full spectrum of security and risk management emerging trends and market scopes within five role-based programs and a dedicated Technical Insights track.

OWASP AppSecEU 2015

Date: May 19-22, 2015
Location: Amsterdam, NL

OWASP AppSecEU is the premier gathering place for executives from Fortune 500 companies and technology thought leaders. It offers cutting-edge research presented by security professionals across Europe, trainings and speeches on a variety of security topics including: cloud security, mobile security, vulnerability analysis, and much more. There will be small group sessions, workshops, and learning opportunities for developers, business owners, and security experts. Learn and network for four days, while discovering Amsterdam!

US Congress Intervenes to Address Cyber Security Crisis with Software Supply Chain Focus; Sonatype Introduces Free Application Health Check to Support Government Agencies and Software Providers

Fulton, MD – December 10, 2014 – Sonatype, a software company that enables developers to easily build software applications while significantly reducing security, compliance, and licensing risks, today released a free Application Health Check to immediately alert federal agencies and software suppliers about known vulnerable open source components and where they exist within an application.

Sonatype CTO Honored as Thought Leader

The most popular phrase to come out of the Spider-Man stories—“With great power, comes great responsibility”—hit close to home for Joshua Corman, CTO at Sonatype, who longed to be a superhero at a young age, but settled for being a protector in the IT security world. Corman believes that great power comes from protecting technology. Exposed to technologies at a young age by his father—whom he cites as an inspiration—Corman's interest grew into a successful career where he is considered a respected innovator.

Sonatype’s New Software Release Determines OSS Risk and Provides Immediate Path to Resolution

Fulton, MD – November 17, 2014 – Sonatype, a software company that enables developers to easily build software applications while significantly reducing security, compliance, and licensing risks, today released a new version of its Component Lifecycle Management (CLM) software. An industry first, developers can now avoid security risks without missing business-critical delivery deadlines.

Sonatype aims to help developers reduce risk from open-source components

Software developers use a large number of open-source components, often oblivious to the security risks they introduce or the vulnerabilities that are later discovered in them.

Sonatype, a company that helps developers manage open-source components across different applications, attempts to solve this long-standing problem with a new version of its Component Lifecycle Management (CLM) product, released Friday.

Nexus Live: October 9, 2014 1:00pm EDT, TheNEXUS Community Sneak Peek

On-Demand Recording: Streamed October 9, 2014

During the October 2014 broadcast of Nexus Live we were able to catch up with Gene Kim and Josh Corman to find out what’s in store for the DevOps Enterprise Summit in the Bay Area at the end of the month. We also took a quick look at TheNEXUS, the new community site for Nexus, Nexus Pro and CLM. Take a look.

Sonatype Brings NuGet Component Management to .NET Developer Community

Fulton, MD – October 1, 2014 – Sonatype, a software company that enables developers to easily build software applications while significantly reducing security, compliance, and licensing risks, today announced free NuGet package support through its open source component manager – Nexus OSS. As developers are consuming an ever-increasing number of open source components – now approaching 250 million downloads annually – the .NET community is seeking to improve build performance and stability through the use of component managers. This trend mirrors the evolution in the Java development environments where there are 13 billion open source component download requests managed annually. More than 40,000 organizations and teams seeking to improve their open source development performance and security have turned to Sonatype’s Nexus component managers – all of which can now leverage available NuGet support.

Fixing HealthCare.gov security

In a report released Tuesday, the Government Accountability Office found problems in the "technical controls protecting the confidentiality, integrity and availability" of the federally facilitated marketplace (FFM), which is the area of the site to buy health insurance.

Awards

Codie INC 500 Red Herring SD Times NVTC RSA Gartner