Financial Services

Improved application security for financial services

Spotlight

FS-ISAC identifies a new cyber attack risk in your "IT supply chain." Sonatype can help.

Data breaches, online banking security and the overall growing threat of cyber attacks concern all organizations, but perhaps none more than the financial services industry.

To address these concerns, the FS-ISAC (Financial Services – Information Sharing and Analysis Center) has released guidelines regarding security risk from "third party service and product providers."

Download the FS-ISAC Report

Sonatype is a preferred application security vendor. Why?

FS-ISAC recommends Sonatype for "Policy management and enforcement of open source
libraries and components." With Component Lifecycle Management (CLM), you can:

Find and remediate
security problems early in development using the tools that your developers use everyday. No extra work or delays.

Automate policies
for open source security, license & quality with integration throughout your software development lifecycle.

Monitor continuously
to ensure trust over time, so you'll know when a new risk is discovered and exactly where you are impacted.

See a tour of Sonatype CLM

Why are components the "neglected 90%?" What's the risk?

Components are like LEGO building blocks that enable developers to build innovative new financial applications quickly. However, most application security methods focus on the source code that is written and compiled, not components that are downloaded and assembled.

Components comprise 90% of a typical application and 71% of these applications have at least one critical or severe vulnerability. Identifying and avoiding components with known vulnerabilities is an easily avoidable risk.

Wired Magazine: Aetna Chief Security Officer, Jim Routh, discusses component-based risk

"The good news is that reusable code has clearly arrived...the not so good news is that it has vulnerabilities in many of the most commonly used components. Estimates indicate that 46 million downloads in 2012 included insecure components or code with high-risk security vulnerabilities. Once the code is assembled by developers they often will not scan or test the security of the open source libraries, instead assuming that because it is commonly used it must be secure."

Read the article

Assess your current application risk in 2 minutes – it’s confidential and free.

As a free community service, Sonatype offers a proprietary application analysis tool you can use to run your own confidential "application health check."

  • Confidentially and quickly analyze your java open source components
  • Create a "bill of materials" inventory of precisely which components are used and where
  • Identify specific security, quality and license risks
  • Analyze both internal and third party applications

Learn More & Start Your Analysis

Explore further...

I'm interested in Sonatype CLM. I want to...