Sonatype debuts latest to protect the world's enterprise software applications from security, compliance, and licensing threats

Today, 90 percent of the typical enterprise application is composed of open source building blocks, known as components. These reusable components allow for great speed, efficiency and innovation. The downside is that without proper insight and governance, organizations risk crippling attacks, licensing liability, and compliance exposure. 71 percent of applications contain components with known security flaws classified as severe or critical, and an alarming 76 percent of all organizations have no component management policies in place.

Sonatype Names Prominent Security Strategist Joshua Corman as CTO

Fulton, Md. – Jan. 16, 2014 – Sonatype, the software company that enables developers to rapidly build secure software while also eliminating compliance and licensing risk, today announced the hiring of respected IT security strategist, advocate, and philosopher Joshua Corman as the company’s Chief Technology Officer.

Sonatype Press Release

Webinar: FS-ISAC Best Practices for Managing Risk from Open Source Libraries & Components

On-Demand Recording

In December of 2013, the FS-ISAC Third Party Software Security Working Group released new controls to manage risk associated with open source libraries and components. These controls recommend that financial institutions apply policy management and enforcement as well as inventory management for open source libraries and components used in their application portfolio. The webinar features Jim Routh, Aetna's Chief Security Officer, and Joshua Corman, Sonatype's Chief Technology Officer.


Nexus Live: December 2013 with Tyler Jewell, CEO of Codenvy

On-Demand Recording: Streamed December 19, 2013

Watch our December Nexus Live event featuring Tyler Jewell, CEO of Codenvy. Codenvy runs a cloud-based development and deployment environment in a true DevOps fashion. Tyler shares how Codenvy uses Nexus as part of their build pipeline.


Fortune 50 Organizations Quickly Turn to Sonatype to Address a Global Software Security Threat

Fulton, MD. - November 6, 2013 - Sonatype, the software company that enables developers to rapidly build secure software while also eliminating compliance and licensing risk, is experiencing dramatic demand for its products. The company credits this momentum to the increasingly urgent need to address risks associated with the use of defective open source building blocks in mission-critical software applications.

Sonatype Selected as SINET-16 Innovator to Present at 2013 SINET

San Francisco, Calif. - November 4, 2013 - The Security Innovation Network™ (SINET), an organization focused on advancing Cybersecurity innovation through public-private collaboration, today announced the 2013 SINET 16 Innovators, who will share their innovative solutions at the annual SINET Showcase on December 4 - 5, 2013 at the National Press Club in Washington D.C.


Nexus Live: November 2013 with Kyle Allan from Riot

On-Demand Recording: Streamed November 21, 2013

We continued our DevOps focus for the month of November and were joined by Kyle Allan from Riot Games. Kyle shared how Riot Games uses Chef to install Nexus. He also shared how they are using the Nexus REST API in the command line interface and a Nexus cookbook he has open sourced. Watch the recording to learn how to extend the value of Nexus into your deployment environment.


Nexus Live: October 2013 featuring Puppet

On-Demand Recording: Streamed October 23, 2013

Learn how Hubspot.com developed a system using Puppet that provisions Nexus instances into a deployment platform in a DevOps manner.


Sonatype Reduces Licensing Risks With New Update to NuGet and Visual Studio

FULTON, MD. – Sept. 9, 2013 – Sonatype, a software company dedicated to enabling developers to easily build software applications while significantly reducing security, compliance, and licensing risks, today announced an update to both the NuGet gallery and Visual Studio 2013 add-in that provides license data associated with each NuGet package based on the Sonatype Component Lifecycle Management (CLM) platform.

Myths and Misconceptions on Securing Open-source Software

Agile security expert Ryan Berg addresses the common myths and misconceptions of securing open-source software and offers practical tips on how to build in security throughout the software development lifecycle – from design, development and deployment through to production.


Nexus Live: September 2013 featuring the Nexus user survey

On-Demand Recording: Streamed September 11, 2013

Watch our live panel discussions with Nexus experts where they highlight survey results from our most advanced Nexus users. Learn what development tools work with Nexus, what features users value most, and see how over half of users surveyed are interested in extending component management beyond their repository manager.


Nexus Live: July 2013 profiling Nexus with JMX

On-Demand Recording: Streamed on July 17, 2013

Watch our July session to learn how to profile your Nexus installation with JMX and hear from the Maven creator, Jason van Zyl, on the highlights of the newest Maven 3.1.0 release.


Awards

Codie, INC 500, Red Herring, SD Times, NVTC, RSA, Gartner