OVUM shares views on Sonatype’s products and vision, especially relating to Component Lifecycle Management (CLM).
Sonatype has been selected as preferred vendor for 'Control Type 3 Policy Management and Enforcement for Consumption of Open Source Libraries and Components' as part of the Financial Services ISAC guidelines.
Understanding & Addressing OWASP’s Newest Top Ten Threat: Using Components with Known Vulnerabilities
In 2013, the Open Web Application Security Project (OWASP) Top Ten was updated to include “A9: Using Components with Known Vulnerabilities.” This paper explains this new threat and offers practical ideas for reducing risk from open source components, which now comprise 80% of an average application.
Recent revisions to the Payment Card Industry (PCI) guidelines now require organizations to address potential vulnerabilities caused by use of open source components in their applications.
While the repository manager remains a foundation for component management, a new approach is needed to ensure that developers deliver trusted applications: one that leverages automated policies and provides guidance and enforcement throughout the entire software lifecycle. In short, you need a golden policy approach, not a golden repository.
Discover how Sonatype's Component Lifecycle Management (CLM) solution is architected to utilize the advantages of the cloud and on-premise deployment.
The average software application today is 80 percent composed of open source components downloaded from shared repositories, yet most of today’s application security tools are designed for custom source code. This gap leaves most application code vulnerable to security threats, licensing issues and performance defects. Understand how Component Lifecycle Management addresses this problem in refreshing new ways.
The purpose of Sonatype's CLM platform is to get out of the way of agile developers and let them do their thing, while at the same time keeping track of the versions, vulnerabilities and licensing of the open source components they're using.
This executive brief summarizes the findings of an independent and comprehensive security review of the 31 most commonly used open source components and provides practical guidance and best practices for addressing security risks.
Learn how advanced binary matching can allow you to analyze a large application and produce a precise bill of materials in minutes.