Open Source and the Software Supply Chain: A Look at Risks vs. Rewards

There is a dynamic shift occurring in the software development landscape. Applications are no longer written from scratch; today most are assembled from open source components. The growing reliance on externally sourced, open-source components as the core building blocks of modern application development, coupled with the complexity of the ecosystem, has introduced new risks into the software supply chain. This article explores the licensing, security, and quality risks associated with component-based development and their direct impact on the integrity of the software supply chain.

News Source: The H

The Ghost of a Spring Framework Bug Haunts Old Code

There are reports of the discovery of a remote code execution flaw in the Spring Framework, but many fail to mention that the flaw in question was fixed over a year ago and that what has been found is actually a new way to exploit that old flaw. In 2011, a "variable" severity flaw, identified as CVE-2011-2730, was discovered by two researchers in versions 3.0.0 to 3.0.5, 2.5.0 to 2.5.6SEC02 and 2.5.0 to 2.5.7SR01.
News Source: TechCrunch

Open Source Software: Compliance Basics And Best Practices

Startups stand on the shoulders of giants, developing proprietary applications on top of a software landscape that heavily leverages open source components. But as the saying goes, free software is not free, and using open source software requires that organizations understand the legal framework of open source.
News Source: IT in Canada

IT in Canada profile: Sonatype

How Sonatype helps customers: Sonatype’s Component Lifecycle Management products were designed to enable software development organizations to establish visibility and control in a complex and agile software supply chain.
News Source: RedMonk

Ten Years of RedMonk

Ten years ago today the DARPA-funded paper describing REST was six months old. There was no Firefox. No Eclipse Foundation. No Facebook. No Amazon Web Services. No Twitter. No LinkedIn. No YouTube. No Etsy. No Gmail. No Hadoop. No iPhone. Apple, in fact, was worth $5.143B, or about what they made every month and a half in 2012.
News Source: IT in Canada

Open Source Management software: riding herd on collaborative innovation

With all due respect to UC systems, SharePoint and Facebook, by far the most common manifestation of collaboration in enterprise IT is the use of open source software. Products such as Linux, Firefox, and Apache aren’t just common, they’re ubiquitous: Gartner reports that “by 2016, at least 95% of IT organizations will leverage non-trivial elements of OSS technology in their mission-critical IT portfolios.”
News Source: SD Times

Security practices take focus off programmers and onto systems

Security concerns grow every day for application developers. With public-facing Web applications, mobile devices and wireless connections everywhere, sometimes software can feel as though it's being built with a target on its back. But a host of new security solutions from the likes of Denim Group, Sonatype and Veracode are attempting to rectify security concerns throughout the development process.
News Source: InformationWeek

Maven Developer van Zyl Focuses On Code Security

It's a well-recognized fact that the earlier a security exposure is found, the less it costs to fix. Sonatype CTO Jason van Zyl wants to carry that finding out to its logical conclusion and detect and fix vulnerabilities during development.
News Source: OpenShift

Nexus Repository Manager in the Cloud for Free with OpenShift

Sonatype Nexus is repository manager software that manages your software artifacts for development, deployment, and provisioning. It acts like your own central Maven repository. All the teams within an organization can download jars from Nexus and upload their team artifacts to Nexus.

The Application Component Doctor Will See You Now

Sonatype has launched Insight Application Health Check, an application component analysis designed to assess the integrity of open-source components at every phase of the software lifecycle. As a Component Lifecycle Management (CLM) player, the company says that this is a means of understanding the potential risks and opportunities associated with each component in use.
News Source: PC Magazine

Insight Application Health Check

Sonatype's Insight Application Health Check is a small utility that scans Java applications for any security vulnerabilities and license issues.
News Source: IT Business Edge

Exercising a Little Open Source Prudence

IT organizations today are more dependent on open source code than ever; they’re just not always sure where it came from, whether they can legally use it or how secure it is.
News Source: Application Development Trends

Tool Analyzes Open Source Components in Your Java Apps

Sonatype, a provider of so-called Component Lifecycle Management (CLM) solutions, on Wednesday launched a new on-demand service that analyzes the open-source components that increasingly comprise enterprise Java applications for security, licensing and quality problems.

Sonatype Launches Insight Application Health Check

New Component Lifecycle Management Service Offers the Fastest, Easiest Way to Find Application Security, Licensing and Quality Issues – Delivering Results in Minutes
News Source: TechCrunch

OS In The Enterprise And The Component Revolution — What Startups Need To Know

It’s no secret that today’s software is very different than it used to be. It’s often cloud-based, includes social functions, and is available to anyone, anywhere, using any type of device. What most of us don’t see is that it’s not just different on the surface – it’s also created and delivered in a very different way.
