News Source Fierce Cio

Vulnerable open-source code components in business software

A new research study has found that most businesses and independent software vendors that use open-source components in their applications don't know whether those components are safe. The research was conducted by Aspect Security, a firm that evaluates software for vulnerabilities, and Sonatype, which operates the Central Repository, an exchange for open-source components with a library of more than 300,000 components.
News Source Jaxenter

Banks and ISVs hit hard by open source vulnerabilities

Financial institutions and independent software vendors (ISVs) are being hit disproportionately hard by security holes in open source software components, according to a new study by Sonatype and Aspect Security. The companies followed out-of-date, compromised packages in the Maven Central Repository over the course of a year, watching the ‘Global 500’ group clock up a collective 2.8 million downloads. The ‘Global 100’ group of banks and other financial institutions downloaded 567,000 insecure components over the same period.
News Source Infoworld

Open source code libraries suffer from vulnerabilities

A study of how 31 popular open source code libraries were downloaded over the past 12 months found that more than a third of the 1,261 versions of these libraries had a known vulnerability and about a quarter of the downloads were tainted.

Sonatype Repository Now Straddles Java and .NET

Sonatype has extended the use of its Nexus repository manager to .NET developers this month. Now compliant with both Java components and Microsoft platform code blocks, the company hopes to win new appeal among programming shops operating heterogeneous development environments.
News Source Application Development Trends

Sonatype Java Repository Now Accepts .NET Components

Sonatype today released a new version of its Maven-based component repository that supports software developers using the .NET Framework. Version 2.0 of Sonatype's Nexus Professional, a widely used repository manager for Java components, adds support for .NET developers who want to store and manage their components in a repository.

Actionable Control For Open Source Components

Sonatype has released the Nexus Professional 2.0 open-source repository manager. The new iteration now includes more "actionable" information about the open-source components used in any development project.
News Source Infoq

Nexus 2.0 Released

Today, Sonatype released Nexus 2.0, a significant upgrade to their namesake repository software and the engine behind the Central.
News Source Nvtc

John Backus, Wayne Jackson and CIT GAP Funds Honored as Winners of the Entrepreneur Navigator Awards

The Entrepreneur Center @NVTC announced the 2012 winners of the Entrepreneur Navigator Awards at a reception on Thursday, February 2, at the Tower Club in Tysons Corner, Va. The Navigator Awards recognize individuals and organizations whose commitments of time, experience, intellectual capital and personal effort have improved the quality of the entrepreneur community or have led to the success of a startup or entrepreneur.

Webinar: Nexus 2.0 Live Demo

On-Demand Recording

Jason van Zyl, Sonatype Founder and CTO, demonstrates how Nexus 2.0 will help you avoid downtime, improve repository management and standardize on a single repository manager for .NET, Java, and OSGi.

News Source Redmonk

What’s in Store for 2012: A Few Predictions

The cost of delaying my 2012 predictions is that one has already come to pass. Nginx – the web server now powering all of the properties – passed IIS according to a January 4 Netcraft release.
News Source Java Magazine

Sonatype Brings Java .Net Projects into the Central Repository

It's natural for open source projects to build upon the work done by other open source projects. Sonatype is facilitating the availability of components from's large open source project base, by bringing project artifacts into the Central Repository, a leading source for open source Java components.
News Source Redmonk

Sonatype Insight: Data as the Product

There is no shortage of evidence concerning the value of data, generally. From predicting the flu to the outcome of elections (PDF) to the best practices for dating websites, it’s obvious that knowledge really is power. What’s been lacking, at least according to the conventional wisdom, has been proof points of data being a direct source of revenue.
News Source Devx

Top 10 Tips for Improving Your Open Source Software Governance

Gartner estimates that by 2013, 90 percent of Global 2000 enterprises will include open source software (OSS) as business critical elements of their IT portfolios -- and by 2016, that number will increase to 99 percent. It makes sense that open source use is on the rise. Java developers already know that open source offers unmatched flexibility, the power to control and easily modify code and optimize performance. The bottom line: Using open source components for software development improves an organization's ability to deliver higher quality software faster at lower cost.

