News Source InfoWorld

Open source is driving business app development

Hardly a month goes by without some fresh evidence of the growing popularity of open source software, and perhaps one of the best examples in recent weeks has been Microsoft's creation of its new Open Technologies division.
News Source Forbes

Sonatype's Open Source Boost To Software Productivity

It seems like a contradiction in terms — open source software is by definition created for free by coders who want to make a name for themselves writing components that organizations use at no charge. So how could one company come to dominate a world where the product is made and bought for free?
News Source ZDNet

Only 20% of corporate OSS users manage components

Only about 20 percent of companies using open source components have lock down controls and fewer than 50 percent have corporate policies in place to manage component usage, according to a study of 2500 developers released by component repository vendor Sonatype.
News Source Formtek

Open Source: The Good, Bad and Ugly — Studies in Two Extremes

When top-class Open Source tools and applications (think software like Linux, Apache Web Server, PostgreSQL and PHP) went head to head against similar proprietary software, a recent survey found that Open Source bested or equaled the quality of their proprietary cousins. The Open Source community hailed these findings from Gartner and Coverity.
News Source Infosecurity Magazine

Study finds widespread use of vulnerable open source components

The study, the 'Unfortunate Reality of Insecure Libraries', found that many organizations use open source components as the building blocks for their applications but have zero visibility into whether the components they are using are secure, thereby exposing the organization to security risks.
News Source Australian Techworld

Do insecure open source components threaten your apps?

Since Apache Maven, the brainchild of Sonatype founder Jason van Zyl, emerged as a top-level Apache Software Foundation project in 2003, the Central Repository has become a primary source of open source components. Jackson says the Central Repository receives four billion requests per year for its 300,000 components.
News Source CSO

Do Insecure Open Source Components Threaten Your Apps?

Since Apache Maven, the brainchild of Sonatype founder Jason van Zyl, emerged as a top-level Apache Software Foundation project in 2003, the Central Repository has become a primary source of open source components. Jackson says the Central Repository receives four billion requests per year for its 300,000 components.
News Source Proformative

Report: Half Global 500 Vulnerable to Open Source Security Loopholes

Aspect Security and Sonatype have recently collaborated to provide the industry's first study of potential vulnerabilities in open-source computing tools. These flexible components are used by members of the Global 2,000 and other leading organizations thousands of times each day in their operations, and the implications of security frailties could be significant.
News Source Tech Security Today

The Inherently Insecure Nature of Open Source Projects

A huge percentage of the applications being built these days rely on previously existing components that developers stitch together to make a new application. In fact, the vast majority of these components are open source projects that developers assume to be secure given the peer review process that most open source projects are based on.
News Source Linux Today

Sonatype not out to slam open source

"Yeah, thought so." Which is pretty much what was going through my head when I read Monday's wire reports that software-development firm Sonatype and application security specialists Aspect Security has released a study with a press release that highlighted "[m]ore than 80 percent of typical software applications are open-source components and frameworks consumed in binary form."
News Source Network World

Are Open Source Libraries Any More Vulnerable Than Closed Source?

My friend and Network World editor, Ellen Messmer posted an article yesterday about the results of an analysis by Aspect Security of the Central Repository maintained by Sonatype. The study was announced by Aspect and Sonatype yesterday. Both the study and Ellen's article have set off a bit of a firestorm in both the open source and security communities about the security or lack thereof of open source libraries and components.

Awards

Codie INC 500 Red Herring SD Times NVTC RSA Gartner