Resources

Events & Webinars

InfoSec World 2016

Date: April 4-6, 2016
Location: Lake Buena Vista, FL

Josh Corman will be hosting "Fireside Chat: Winning at a Losing Game: Hacking Incentives to Change Our Fate" at InfoSec World 2016!

LISA15 USENIX

Date: October 19 - 20, 2015
Location: Washington Marriott Wardman Park, 2660 Woodley Road Northwest, Washington, DC 20008, United States

Speakers: Derek Weeks and Josh Corman

JavaOne

Date: October 25 - 29, 2015
Location: Hilton San Francisco Union Square, 333 O'Farrell Street, San Francisco, CA 94102, United States

Speaker: Manfred Moser

FSISAC Fall Summit

Date: October 25 - 28, 2015
Location: Hotel del Coronado, 1500 Orange Avenue, Coronado, CA 92118, United States

DevOps Enterprise Summit

Date: October 19 - 20, 2015
Location: Santa Clara Convention Center, 5001 Great America Parkway, Santa Clara, CA 95054, United States

Speaker: Josh Corman

Appsec USA

Date: October 19 - 20, 2015
Location: Hyatt Regency San Francisco, 5 Embarcadero Center, San Francisco, CA 94111

Speakers: Mark Miller, Josh Corman

AppSec USA

Date: September 22-25, 2015
Location: San Francisco, CA

Sonatype is a Platinum Sponsor at AppSec USA!

GOTO London 2015

Date: September 16 - 18, 2015
Location: London, UK

Sonatype CTO Josh Corman will be presenting at GOTO London

Atlanta Java User Group

Date: September 15, 2015
Location: Holiday Inn Atlanta-Perimeter/Dunwoody, 4386 Chamblee Dunwoody Road, Atlanta, GA

Speaker: Derek Weeks

DevOps Days Boston

Date: September 15, 2015
Location: Boston, MA

Mark Miller will host a Lightning Talk at DevOps Days Boston! Topic: The DevOps Toolkit - Building the Software Supply Chain.

HP Protect 2015

Date: September 1 - 4, 2015
Location: Gaylord National Resort and Convention Center, National Harbor, MD

Sonatype's Derek Weeks will be presenting at HP Protect

Webinar: New Research Reveals 24 Vulnerabilities in the Average Application

On-Demand Recording

Gain new insights on how to deliver higher quality software even faster, with less unplanned, unscheduled rework. If you are using open source components as part of development, you may be unknowingly sabotaging your efforts by introducing known vulnerabilities: shockingly, there are 24 vulnerabilities in the average application. Hear the results of an extensive analysis of open source usage across 106,000 development organizations. We’ll be drawing analogies between modern software development and traditional manufacturing supply chains, focusing on proven steps to improve speed, efficiency and quality. Watch the on-demand recording.

Carahsoft and Sonatype Partnership Kickoff Webcast: Public Sector Software Development

On-Demand Recording

As usage of Open Source Software increases in the public sector and mission critical applications, it is important to continually secure the supply chain and select the safest components available. View this webinar to see how Sonatype's Nexus Lifecycle product helps you quickly and proactively find and replace flawed open source from your software ecosystem and achieve comprehensive and lasting governance across the entire software supply chain. View the on-demand recording.

Continuous Acceleration with a Software Supply Chain Approach

On-Demand Recording

Join Gene Kim, CTO, researcher and author of the best-selling book “The Phoenix Project” and Josh Corman, Sonatype CTO and co-founder of Rugged Software as they discuss how high performing organizations are applying proven supply chain principles to accelerate software delivery.

Inside the Sonatype Engineering Team - The Tooling

On-Demand Recording

Learn how our completely remote workforce leverages agile techniques and tooling such as JIRA, GitHub, HipChat and Nexus Pro+ to plan and deliver new product capabilities in two week sprints. View the on-demand recording.

Inside the Sonatype Engineering Team - The Process

On-Demand Recording

Learn how our remote workforce works together leveraging a tool chain of Ansible, AWS, Bamboo, Docker and Nexus Lifecycle to build, release and operate our products and infrastructure. View the on-demand recording.

Strengthen Cyber Resilience with Software Supply Chain Visibility

On-Demand Recording

Our dependence on software continues to grow, powering some of our nation’s most critical infrastructure. To secure our cyber assets, we need to apply high standards to our software suppliers as well as the third party parts built into our software. Join the discussion on how open source and component-based development is driving the need for a software supply chain. Learn techniques and technologies used to vet software suppliers and known vulnerable components. Watch the on-demand recording.

Accelerating Continuous Delivery by Improving NuGet Component Management

On-Demand Recording

Use of repository managers in continuous delivery environments is shown to reduce build times 20-fold as compared to relying on public open source repositories like the NuGet Gallery. By relying on a local caching proxy for the NuGet Gallery and hosting your own proprietary NuGet packages locally, you can dramatically improve build speeds and reliability. In this session, we also show how a repository manager that integrates with NuGet helps .NET developers manage component versions, dependencies and license types using proxy facilities to ensure a continuous flow of development and faster cycle times.

Webinar: Ban Avoidable Risk and Rework on Open Source Components: Featuring Customer Story

On-Demand Recording

It's time we Raise the B.A.R.R to "Ban Avoidable Risk and Rework" and STOP using components with known vulnerabilities in our software and START building transparency and traceability of all open source components used. In this webcast, Nigel Simpson, Director of Architecture in the Media and Entertainment industry, helps us learn strategies to improve governance and reduce risk by engaging developers early in the process. View this on-demand recording.

Nexus Live: October 9, 2014 1:00pm EDT, TheNEXUS Community Sneak Peek

On-Demand Recording

During the October 2014 broadcast of Nexus Live we were able to catch up with Gene Kim and Josh Corman to find out what’s in store for the DevOps Enterprise Summit in the Bay Area at the end of the month. We also took a quick look at TheNEXUS, the new community site for Nexus, Nexus Pro and CLM. Take a look.

Webinar: See the Sonatype Product Roadmap Revealed

On-Demand Recording

For years, development teams and now security professionals have looked to Sonatype for better management of open source and third party components across the software supply chain. Watch our live product roadmap discussion to learn more about our commitment to helping you achieve real business value from your enterprise applications more quickly, with efficiency, quality and security addressed across the software lifecycle. See how new product advancements for more component languages, a consolidated risk management dashboard and expanded integration points across the SDLC can bring enterprise-class component management to your development operations.

ISSA Webinar: What's in your Software? Identifying Open Source Vulnerabilities

On-Demand Recording

New software enters our security ecosystems daily. When we evaluate the software we look for vulnerabilities in the product. Of course we run functional tests, or break out our favorite scanner, to see if there is embedded malware or dangerous deployment requirements, or even bugs in the program. When done, it gets deployed. What happens after deployment is important, but also gets missed. Of course we will catch new vulnerabilities that are directly related to the product, but what about vulnerabilities in the third party components included in the product? Recently this point was driven home by the numerous vulnerabilities in OpenSSL. This panel will leverage the insight from seasoned industry leaders as we hear their thoughts and reactions to Heartbleed.

Webinar: Open Source Development and Application Security Survey: The Results are In!

On-Demand Recording

Over 3,300 participated! The final results of our 4th Annual Open Source and Application Security Survey are in. Adrian Lane from Securosis and Brian Fox from Sonatype provide a detailed breakdown of the findings from a developer and an application security perspective. They discuss policies, practices, and breaches as well as how organizations can use these results to create constructive conversations to feed their open source security management practices.

RSA Webinar: Software Liability?: The Worst Possible Idea (Except for all Others)

On-Demand Recording

While many had hoped that market competition would influence security improvements, customers are forced to accept software as is with no alternatives. Software is responsible for our critical infrastructure, cars, medical devices and is a part of our daily lives including our well-being. Will we be able to achieve better software security without vendors facing financial consequences? View the on-demand recording.

Webinar: Lessons Learned from Heartbleed, Struts and the Neglected 90%

On-Demand Recording

Watch this insightful and witty discussion between two old pals, Wendy Nather, Security Research Director at 451 Research and Josh Corman, CTO at Sonatype on the state of application security today. They share their perspectives on the changing landscape of application development and how this is impacting common application security approaches. They agree the dramatic shift from source code to component based development has created an open source security gap. With component vulnerabilities becoming national news, Heartbleed, Struts and the promise of more to come, now is the time to address this growing security gap.

Webinar: Introducing a New Level of on Demand Application Security

On-Demand Recording

Sonatype and HP Fortify are the first to deliver a new level of application security that includes static and dynamic testing coupled with open source component analysis. Watch this on-demand session to learn how your organization can use Fortify on Demand with Sonatype's Open Source Visibility Report to gain complete visibility into what components you are using and whether there are known vulnerabilities or license obligations that bring risk to your organization and your customers.

Awards

Codie, INC 500, Red Herring, SD Times, NVTC, RSA, Gartner