Brian Fox: What Does Sonatype Do? What Do I Do All Day?

Many of my friends and most of my family struggle to understand what Sonatype does, and therefore what I do all day.

We help companies develop more secure software by choosing better components (the building blocks of software, like the parts in your car). Most of the public attacks people bring up when I say that turn out to be unrelated. Except this one.

The Equifax breach exploited a component with a known vulnerability; the fix had been released and announced months before the attack. We help our customers know which components they are using, in which applications, and when vulnerabilities in those components are announced, so they can fix them quickly.
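The cross-reference described above, as an added Python example that is not Sonatype's code and not part of the original post: it takes a per-application dependency inventory in the line format printed by `mvn dependency:list`, matches each component against a small advisory feed using Maven's version-range syntax, and reports which application carries which affected version and how many days the fix has already been available. The applications, coordinates, advisory identifiers and dates are constructed for illustration, and the version ordering is a simplified form of Maven's (numeric segments followed by a single pre-release qualifier).

```python
"""Added example (not Sonatype code): match a per-application component inventory
against a vulnerability feed.  All names, identifiers and dates are constructed."""
import re
from dataclasses import dataclass
from datetime import date

# Constructed inventory in the line format printed by `mvn dependency:list`:
# groupId:artifactId:type:version:scope (classifiers and module notes omitted).
INVENTORY = {
    "payments-api": """
   com.example:widget-parser:jar:2.3.20:compile
   com.example:json-utils:jar:1.8.0:compile
   org.example.logging:log-core:jar:3.1.4:runtime
""",
    "customer-portal": """
   com.example:widget-parser:jar:2.4.0:compile
   org.example.logging:log-core:jar:2.9.1:runtime
""",
}

@dataclass(frozen=True)
class Advisory:
    id: str
    group: str
    artifact: str
    affected: str    # Maven version range, e.g. "[2.3.5,2.3.32)"
    fixed_in: str
    published: date

# Constructed advisories; the identifiers are placeholders, not real CVEs.
ADVISORIES = [
    Advisory("EXAMPLE-2017-0001", "com.example", "widget-parser",
             "[2.3.5,2.3.32)", "2.3.32", date(2017, 3, 7)),
    Advisory("EXAMPLE-2017-0002", "org.example.logging", "log-core",
             "(,3.0.0)", "3.0.0", date(2017, 1, 15)),
]
AS_OF = date(2017, 6, 1)   # constructed assessment date

_DEP_LINE = re.compile(r"^\s*([\w.\-]+):([\w.\-]+):[\w\-]+:([\w.\-]+):\w+\s*$")
_VERSION = re.compile(r"^(\d+(?:\.\d+)*)(?:[-.]([A-Za-z][\w.\-]*))?$")
_RANGE = re.compile(r"([\[(])([^,\[\]()]*)(?:,([^,\[\]()]*))?([\])])")

def parse_inventory(text):
    """Return {(group, artifact): version} from dependency:list style lines."""
    deps = {}
    for line in text.splitlines():
        m = _DEP_LINE.match(line)
        if m:
            deps[(m.group(1), m.group(2))] = m.group(3)
    return deps

def version_key(version):
    """Comparable key: numeric segments (trailing zeros dropped, so 2.4 == 2.4.0), then
    a flag placing a bare release after any qualified pre-release (2.3.20-beta1 < 2.3.20).
    This is a simplification of Maven's full version ordering."""
    m = _VERSION.match(version)
    if not m:
        raise ValueError(f"unsupported version string: {version!r}")
    nums = [int(x) for x in m.group(1).split(".")]
    while len(nums) > 1 and nums[-1] == 0:
        nums.pop()
    qualifier = m.group(2)
    return (tuple(nums), 1 if qualifier is None else 0, (qualifier or "").lower())

def in_range(version, spec):
    """True if version satisfies a Maven range: [ ] inclusive, ( ) exclusive bounds,
    open ends like "(,3.0.0)", an exact "[1.0]", or a union "[1.0,1.2),[2.0,2.1)"."""
    key = version_key(version)
    for m in _RANGE.finditer(spec):
        open_b, lo, hi, close_b = m.groups()
        lo, hi = (lo or "").strip(), (hi or "").strip()
        if "," not in m.group(0):                  # exact version
            if key == version_key(lo):
                return True
            continue
        lower_ok = not lo or (key > version_key(lo) if open_b == "(" else key >= version_key(lo))
        upper_ok = not hi or (key < version_key(hi) if close_b == ")" else key <= version_key(hi))
        if lower_ok and upper_ok:
            return True
    return False

@dataclass(frozen=True)
class Finding:
    application: str
    coordinate: str
    version: str
    advisory: str
    fixed_in: str
    days_exposed: int   # days the fix had been public as of the assessment date

def find_exposure(inventory=INVENTORY, advisories=ADVISORIES, as_of=AS_OF):
    """Which application runs which affected component, and for how long a fix has
    already been available: the three facts needed to act on an advisory."""
    findings = []
    for app, text in inventory.items():
        deps = parse_inventory(text)
        for adv in advisories:
            version = deps.get((adv.group, adv.artifact))
            if version is not None and in_range(version, adv.affected):
                findings.append(Finding(app, f"{adv.group}:{adv.artifact}", version,
                                        adv.id, adv.fixed_in, (as_of - adv.published).days))
    return sorted(findings, key=lambda f: (f.application, f.coordinate))
```

Calling `find_exposure()` on the constructed data returns two findings: customer-portal still runs log-core 2.9.1 with a fix that has been public for 137 days, and payments-api runs widget-parser 2.3.20 with a fix public for 86 days; widget-parser 2.4.0 in customer-portal falls outside the affected range and is not reported. The range check matters: an advisory that says "fixed in 2.3.32" applies to every earlier version in the affected set, so matching on an exact version string would miss most real exposures.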

So, if you want to know what we're doing all day... we're trying to help companies avoid more attacks like this. On your banks. On your government. On your infrastructure. Software is everywhere; this is the new reality. Companies must assume bugs will happen; it's how you respond (or don't) that ultimately matters.

Written by Brian Fox

Brian Fox, CTO and co-founder of Sonatype, is a Governing Board Member for the Open Source Security Foundation (OpenSSF), a Governing Board Member for the Fintech Open Source Foundation (FINOS), a member of the Monetary Authority of Singapore Cyber and Technology Resilience Experts (CTREX) Panel, a member of the Apache Software Foundation and former Chair of the Apache Maven project. Working with OpenSSF, Brian helped create The Open Source Consumption Manifesto, urging organizations to elevate awareness of open source usage. He also chaired efforts to provide official responses to requests for information from the Office of the National Cyber Director (ONCD) and the Cybersecurity and Infrastructure Security Agency (CISA). Within the Atlantic Council's Open Source Policy Network, Brian actively helps shape cybersecurity strategy, offering insights on critical documents such as ONCD's National Cybersecurity Strategy. Brian has over 20 years of experience setting the vision for, developing, and leading the development of software for organizations ranging from startups to large enterprises. Brian is a frequent speaker at national and regional events, including Java User Groups and other security and development-related conferences.
