News Source Infoworld

Study: Open source libraries propagate security flaws

Although companies such as Microsoft, Adobe, and Mozilla have raised awareness of secure programming practices in recent years, getting developers to adopt best practices to weed out vulnerabilities in program code remains a challenge. A case in point: Developers often overlook the necessity of keeping the source components of their software up-to-date, a problem exacerbated by poor update mechanisms, according to a study released on Monday.
News Source Fierce Cio

Vulnerable open-source code components in business software

A new research study has found that most businesses and independent software vendors that use open-source components in their applications don't know whether those components are safe. The research was conducted by Aspect Security, a firm that evaluates software for vulnerabilities, and Sonatype, which operates the Central Repository, an exchange for open-source components with a library of more than 300,000 components.
News Source Jaxenter

Banks and ISVs hit hard by open source vulnerabilities

Financial institutions and independent software vendors (ISVs) are being hit disproportionately hard by security holes in open source software components, according to a new study by Sonatype and Aspect Security. The companies followed out-of-date, compromised packages in the Maven Central Repository over the course of a year, watching the ‘Global 500’ group clock up a collective 2.8 million downloads. The ‘Global 100’ group of banks and other financial institutions downloaded 567,000 insecure components over the same period.
News Source Infoworld

Open source code libraries suffer from vulnerabilities

A study of how 31 popular open source code libraries were downloaded over the past 12 months found that more than a third of the 1,261 versions of these libraries had a known vulnerability and about a quarter of the downloads were tainted.

Sonatype Repository Now Straddles Java and .NET

Sonatype has extended the use of its Nexus repository manager to .NET developers this month. Now compliant with both Java components and Microsoft platform code blocks, the company hopes to win new appeal among programming shops operating heterogeneous development environments.
News Source Application Development Trends

Sonatype Java Repository Now Accepts .NET Components

Sonatype today released a new version of its Maven-based component repository that supports software developers using the .NET Framework. Version 2.0 of Sonatype's Nexus Professional, a widely used repository manager for Java components, adds support for .NET developers who want to store and manage their components in a repository.

Actionable Control For Open Source Components

Sonatype has released the Nexus Professional 2.0 open-source repository manager. The new iteration now includes more "actionable" information about the open-source components used in any development project.
News Source Infoq

Nexus 2.0 Released

Today, Sonatype released Nexus 2.0, a significant upgrade to their namesake repository software and the engine behind the Central.
News Source Nvtc

John Backus, Wayne Jackson and CIT GAP Funds Honored as Winners of the Entrepreneur Navigator Awards

The Entrepreneur Center @NVTC announced the 2012 winners of the Entrepreneur Navigator Awards at a reception on Thursday, February 2, at the Tower Club in Tysons Corner, Va. The Navigator Awards recognize individuals and organizations whose commitments of time, experience, intellectual capital and personal effort have improved the quality of the entrepreneur community or have led to the success of a startup or entrepreneur.
News Source Redmonk

What’s in Store for 2012: A Few Predictions

The cost of delaying my 2012 predictions is that one has already come to pass. Nginx – the web server now powering all of the properties – passed IIS according to a January 4 Netcraft release.
News Source Java Magazine

Sonatype Brings Java .Net Projects into the Central Repository

It's natural for open source projects to build upon the work done by other open source projects. Sonatype is facilitating the availability of components from's large open source project base, by bringing project artifacts into the Central Repository, a leading source for open source Java components.

