Spotlight

FS-ISAC identifies a new cyber attack risk in your "IT supply chain." Sonatype can help.

Data breaches, online banking security and the overall growing threat of cyber attacks concern all organizations, but perhaps none more than the financial services industry.

To address these concerns, the FS-ISAC (Financial Services – Information Sharing and Analysis Center) has released guidelines regarding security risk from "third party service and product providers."


Spotlight

OWASP Top Ten advises: Avoid using components with known vulnerabilities. Sonatype can help.

The Open Web Application Security Project (OWASP) has updated its top ten list of application security threats to include A9, which advises against "using components with known vulnerabilities."

These days, applications are 90% composed of open source or third-party components that are shared by developers worldwide.

However, most traditional application security methods don’t effectively identify component vulnerabilities.


Spotlight

PCI says “No” to using components with known vulnerabilities. Sonatype can help.

The Payment Card Industry (PCI) standards help ensure that banks, financial services firms and merchants protect their customers' credit card data.

Credit card security became more challenging with the mandate to "avoid components with known vulnerabilities" based on recent Open Web Application Security Project (OWASP) guidelines.

The good news is that Sonatype makes it easy to avoid this risk and achieve PCI compliance.


Spotlight

Are we doing enough to prevent future Heartbleeds? Here is what you can do now.

As the Heartbleed bug wreaked havoc on the internet, we at Sonatype began thinking about the lessons learned from this recent security scare and how, collectively, we can develop a process for mitigating the next major exposure.

Was this OpenSSL vulnerability an oversight by system administrators installing unknown software? The simple answer is no. OpenSSL is the de facto SSL implementation used on most internet servers around the world. This is not an untested, unverified component that slipped past security audits.
