80 Percent of the Largest US and European Banks Deploy Sonatype to Address Growing Software Security Threat

Fulton, MD – April 22, 2014 – Sonatype, a software company that enables developers to easily build software applications while significantly reducing security, compliance, and licensing risks, continues to find its software in high demand. The company credits this momentum to an increasing awareness of the urgent need to address the risks associated with flawed open source components being used in millions of mission-critical software applications.


Webinar: Lessons Learned from Heartbleed, Struts and the Neglected 90%

On-Demand Recording: Streamed May 1st, 2014

Watch this insightful and witty discussion between two old pals, Wendy Nather, Security Research Director at 451 Research, and Josh Corman, CTO at Sonatype, on the state of application security today. They share their perspectives on the changing landscape of application development and how this is impacting common application security approaches. They agree the dramatic shift from source code to component-based development has created an open source security gap. With component vulnerabilities such as Heartbleed and Struts becoming national news, and the promise of more to come, now is the time to address this growing security gap.


Who's to blame for 'catastrophic' Heartbleed Bug?

The Heartbleed Bug, basically a flaw in OpenSSL that would let savvy attackers eavesdrop on Web, e-mail and some VPN communications that use OpenSSL, has sent companies scurrying to patch servers and change digital encryption certificates and users to change their passwords. But who's to blame for this flaw in the open-source protocol that some say also could impact routers and even mobile devices as well?


After Heartbleed Bug, A Race to Plug Internet Hole

Popular websites and millions of Internet users scrambled to update software and change passwords Wednesday, after a security bug in crucial encryption code was disclosed sooner than researchers had planned.

Facebook Inc. and Yahoo Inc.'s blogging site Tumblr advised users to change their passwords because of the so-called Heartbleed bug. Canada's tax agency shut its filing website as a precaution, weeks before its April 30 filing deadline.

Websites for Airbnb Inc., the Four Seasons hotel chain and Netflix Inc. were vulnerable for a time, said Wayne Jackson, CEO of Sonatype Inc., which manages open-source software. Airbnb and Netflix said they had updated their software. Four Seasons didn't immediately respond to a request for comment.


Heartbleed bug. What you need to know.

Security researchers have uncovered a fatal flaw in a key safety feature for surfing the Web – the one that keeps your email, banking, shopping, passwords and communications private.


Sonatype And HP Integrate To Secure Cloud Components

Software development is increasingly being typified by a componentized approach. A single application might consist of code and component modules from a multitude of different sources. While this increases agility and allows developers to truly utilize best of breed aspects of the application, it also creates a minefield of security issues.


Sonatype Adds 3rd Party & Open Source Component Visibility to HP Fortify on Demand

SAN FRANCISCO, CA – February 24, 2014 – Sonatype, the software company that enables developers to rapidly build secure software while also eliminating compliance and licensing risk, today announced that its component lifecycle management (CLM) analysis technology has been integrated with HP’s cloud-based software security solution – HP Fortify on Demand.


Sonatype debuts latest to protect the world's enterprise software applications from security, compliance, and licensing threats

Today, 90 percent of the typical enterprise application is composed of open source building blocks, known as components. These reusable components allow for great speed, efficiency and innovation. The downside is that without proper insight and governance, organizations risk crippling attacks, licensing liability, and compliance exposure. 71 percent of applications contain components with known security flaws classified as severe or critical, and an alarming 76 percent of all organizations have no component management policies in place.

Sonatype Names Prominent Security Strategist Joshua Corman as CTO

Fulton, Md. – Jan. 16, 2014 – Sonatype, the software company that enables developers to rapidly build secure software while also eliminating compliance and licensing risk, today announced the hiring of respected IT security strategist, advocate, and philosopher Joshua Corman as the company’s Chief Technology Officer.


Webinar: FS-ISAC Best Practices for Managing Risk from Open Source Libraries & Components

On-Demand Recording

In December of 2013, the FS-ISAC Third Party Software Security Working Group released new controls to manage risk associated with open source libraries and components. These controls recommend that financial institutions apply policy management and enforcement, as well as inventory management, for open source libraries and components used in their application portfolio. The webinar features Jim Routh, Aetna's Chief Security Officer, and Joshua Corman, Sonatype's Chief Technology Officer.


Nexus Live: December 2013 with Tyler Jewell, CEO of Codenvy

On-Demand Recording: Streamed December 19, 2013

Watch our December Nexus Live event featuring Tyler Jewell, CEO of Codenvy. Codenvy runs a cloud-based development and deployment environment in a true DevOps fashion. Tyler shares how Codenvy uses Nexus as part of its build pipeline.


Fortune 50 Organizations Quickly Turn to Sonatype to Address a Global Software Security Threat

Fulton, MD. - November 6, 2013 - Sonatype, the software company that enables developers to rapidly build secure software while also eliminating compliance and licensing risk, is experiencing dramatic demand for its products. The company credits this momentum to the increasingly urgent need to address risks associated with the use of defective open source building blocks in mission-critical software applications.

Awards

Codie, INC 500, Red Herring, SD Times, NVTC, RSA, Gartner