Nexus Live: May 2013 focus on Repository Healthcheck

On-Demand Recording: Streamed May 31, 2013

See the most popular feature of Nexus in action, get a complete overview of the Repository Health Check to assess the health of the components in your repository. Avoid risks by reviewing popularity, license type and security vulnerabilities for every component in the repository. Also see an early preview of Nexus 2.6.

more

Sonatype Named Emerging Company of the Year by Technology Council of Maryland

ROCKVILLE, Md.--May 17, 2013 - The Tech Council of Maryland (TCM), Maryland’s largest technology trade association with more than 400 biotechnology and technology members employing more than 200,000 in the region, last night announced the winners of its 2013 TCM Awards naming Sonatype the Emerging Company of the Year.

more
Help Net Security

The insecurity of the component lifecycle

Open source component use continues to skyrocket with applications now more than 80 percent component-based, while at the same time organizations continue to struggle with establishing policy to secure and govern component use. According to the Sonatype survey, 76 percent of organizations have no component management policies in-place.

more
Infosecurity Magazine

Three-fourths of organizations lack app component policy

When it comes to developing applications, open-source component use continues to skyrocket. And like operating systems or databases, open-source components represent a rich attack vector for hackers to exploit given their commonality across organizations and applications.

more
SD Times

Sonatype ushers in new era of application security aimed at eliminating risk in the modern software supply chain

Sonatype, the leader in Component Lifecycle Management (CLM), today introduced a revolutionary new approach to application security which significantly reduces the risk in using freely available, open source software (OSS) components. Sonatype CLM is the first and only solution to secure the entire component lifecycle – from design, development and deployment through production operations.

more

Nexus Live: April 2013 with LDAP tips & tricks

On-Demand Recording: Streamed April 26, 2013

Learn tips and tricks for using the LDAP support available in both Nexus OSS and Nexus Pro. Learn about top support issues with Nexus 2.4 and get an early preview on Nexus 2.5.

more
SD Times

Keeping Tabs on Open-Source Components

It’s not uncommon for a software application today to consist of 80% or more open-source components, which explains enterprises’ growing use of repository managers, solutions that help them govern what open-source components are being used by their developers.

more
//CODiE// 2013 SIIA CODiE WINNER

//CODiE// 2013 SIIA CODiE WINNER

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo.

more

Nexus Live: March 2013 with new Nexus 2.4 features

On-Demand Recording: Streamed March 22, 2013

The top of the hour kicked off with new features of Nexus 2.4 and the rest of the hour was dedicated to live Q&A discussion with active community members and our expert panel.

more
Open Source and the Software Supply Chain: A Look at Risks vs. Rewards

Open Source and the Software Supply Chain: A Look at Risks vs. Rewards

There is a dynamic shift occurring in the software development landscape. No longer are applications written, today most are assembled using open source components. The growing reliance on externally sourced, open-source components as core building blocks for modern application development, coupled with the complexity of the ecosystem, has ushered in new risks for the software supply chain. This article will explore the licensing, security, and quality risks associated with component-based development and its direct impact on the integrity of the software supply chain.

more
News Source The H

The Ghost of a Spring Framework Bug Haunts Old Code

There are reports of the discovery of a remote code execution flaw in the Spring Framework, but many are not mentioning that the flaw in question was fixed over a year ago and that what has been found is actually a new way to exploit that old flaw. In 2011, a "variable" severity flaw, identified as CVE-2011-2730, was discovered by two researchers in versions 3.0.0 to 3.0.5, 2.5.0 to 2.5.6SEC02 and 2.5.0 to 2.5.7SR01. more

Awards

Codie INC 500 Red Herring SD Times NVTC RSA Gartner