Total Economic Impact Study on Sonatype’s Nexus Platform Reveals 232% ROI and 20% Reduction in Risk of Breach


New independent study finds Sonatype’s products save $14,000 per developer per year when improving secure coding practices

FULTON, MD – Jan 29, 2019 - Sonatype, the leader in automated open source governance, announced the release of The Total Economic Impact™ Of The Sonatype Nexus Platform, a commissioned study conducted by research firm Forrester Consulting. In the study, Forrester found that organizations using the Nexus Platform received an average of 232% return on their investment over three years and saw a net benefit achieved in under 12 months due to increased developer productivity, decreased risk of breaches and time saved by security and compliance staff.

The benefits of Sonatype’s Nexus Platform, according to Forrester

As noted by the report, “in a Forrester Research survey, 12% of respondents indicated they experienced at least one breach over the past year and 41% had experienced multiple breaches.”

Combine that with the fact that 51% of JavaScript packages and 12.1% of Java packages downloaded last year included a known vulnerability, and it’s clear why unchecked open source use has become a business-critical concern.

“We’ve long known that what we’ve built at Sonatype not only helps our customers make their software more secure, but it saves developers hundreds of hours of rework, and security and compliance professionals exponential time on manual reviews,” said Wayne Jackson, CEO of Sonatype. “Seeing the results of Forrester’s latest study just makes it even more undeniable.”

Sonatype helps thousands of organizations build better software, faster, by mitigating risks inherent in open source with automated governance. Forrester’s TEI study results revealed significant cost savings and business benefits for organizations that have deployed the Nexus Platform, including:

  • Reducing the risk of a successful breach by 20%

  • Saving developers $14,000 per year in time saved

  • Improving security team efficiency to the tune of 173 hours saved per month

About Sonatype

More than 10 million software developers rely on Sonatype to innovate faster while mitigating security risks inherent in open source. Sonatype’s Nexus platform combines in-depth component intelligence with real-time remediation guidance to automate and scale open source governance across every stage of the modern DevOps pipeline. Sonatype is privately held with investments from TPG, Goldman Sachs, Accel Partners, and Hummer Winblad Venture Partners. Learn more at