Fulton, MD – April 22, 2014 — Sonatype, a software company that enables developers to easily build software applications while significantly reducing security, compliance, and licensing risks, continues to find its software in high demand. The company credits this momentum to an increasing awareness of the urgent need to address the risks associated with flawed open source components being used in millions of mission-critical software applications.
As is often the case when such critical threats emerge, the financial services sector is moving quickly to secure its software applications by leveraging Sonatype's Component Lifecycle Management solution. Many other Fortune 500 companies are following suit.
In addition to 80 percent of the largest US and European banks, leaders in these other key industries have become Sonatype customers:
- 5 of the top 10 aerospace companies
- 2 of the top 5 entertainment companies
- 2 of the top 5 telecommunications companies
- 2 of the top 5 healthcare insurance companies
- 2 of the top 5 diversified financials companies
- 2 of the top 5 network/communications companies
- 75 percent of the top computer and peripheral companies
"Software runs the world, so it’s vital that it runs securely," said Wayne Jackson, CEO of Sonatype. "The known vulnerabilities in many of the components being employed by software developers are becoming more visible based on the broad damage caused by Struts2 and now the mass awareness of the Heartbleed bug."
"The open source projects continue to do a terrific job quickly addressing newly discovered vulnerabilities, and now more of the enterprises doing component-based development are implementing Component Lifecycle Management to ensure they are using the safest versions," continued Jackson. "Based on the critical risk to the huge number of software applications that make the world’s banks and other major corporations work, it's encouraging to see industry leaders tackling this problem head on."
Recognizing this risk, the FS-ISAC (Financial Services Information Sharing and Analysis Center) recently released guidance regarding open source libraries and components. Specifically, the guidance recommends that financial institutions apply automated policy management and enforcement as well as inventory management for open source libraries used in their application portfolio.
The FS-ISAC Third Party Software Security Working Group white paper, "Appropriate Software Security Control Types for Third Party Service and Product Providers," is available from FS-ISAC.
Organizations seeking insight on the component vulnerabilities that may be hidden in their applications can assess their risk with one of Sonatype’s complimentary open source assessments at sonatype.com/resources/risk-assessments.
About Sonatype:
Every day, developers rely on millions of third-party and open source building blocks, known as components, to build the software that runs our world. Sonatype ensures that only the best components are used throughout the software development lifecycle so that organizations don't have to make the tradeoff between going fast and being secure. Policy automation, ongoing monitoring and proactive alerts make it easy to have full visibility and control of components throughout the software supply chain, so that applications start secure and remain that way over time. Sonatype is privately held with investments from New Enterprise Associates (NEA), Accel Partners, Bay Partners, Hummer Winblad Venture Partners and Morgenthaler Ventures. Visit: www.sonatype.com
Tony Keller
The Walker Group
tkeller@walkerlimited.com