If you’ve got DevOps chops, you already know you’re in demand. And if you’re an IT leader hiring for a DevOps shop, you know the challenges in finding good people. Like DevOps itself, the DevOps job market continues to evolve. And let’s be honest: This isn’t an area of consensus in IT, as the ongoing debate about titles such as “DevOps Engineer” attests.
Bill Karpovich will lead portfolio evolution, strategic partnering, acquisitions, and new growth initiatives worldwide for Sonatype, the leader in software supply chain automation. Reporting to CEO Wayne Jackson, Bill will help the company expand its portfolio and scale operations globally.
The term “DevOps” is typically credited to this 2008 presentation on agile infrastructure and operations. Now ubiquitous in IT vocabulary, the mashup word is less than 10 years old: We’re still figuring out this modern way of working in IT. Sure, people who have been “doing DevOps” for years have accrued plenty of wisdom along the way. But most DevOps environments – and the mix of people and culture, process and methodology, and tools and technology – are far from mature.
Microsoft wants to own Quantum Coding. Quantum computing is still in its nascent stage. But Microsoft – probably still wary of missing a trick like it did with mobile – has already staked its claim on the space. The Redmond Company announced this week that it is developing a language for programming quantum bits. The as-yet-unnamed language should be available for preview by the end of the year.
It’s a truism of the Digital Age that anything can be hacked. It’s also a truism that things aren’t always what they seem. Those notions hold true for CCleaner, which, with 115 million monthly active users, is the most popular Windows system-cleaning and -optimizing software in the world. New findings about an attack on older versions of CCleaner, first disclosed last week, indicate that hackers targeted the popular third-party consumer utility in order to infiltrate corporate computer systems.
The two most senior security roles have since been filled by the credit rating firm, with the world still stunned by the scale of the breach, which also affected around 400,000 people in the UK. The way Equifax executives and its IT security team appear to have failed to apply patches adequately, the amount of time it took to discover the depth of the breach and the delay in ultimately reporting it certainly paint a picture of a colossal failure at all levels, compounded by the curiously timed stock sales by top executives (who deny knowledge of the breach at the time of the sale) just days before the disclosure, as reported by Bloomberg.
The number of organizations that have downloaded versions of the Struts2 component affected by CVE-2017-5638 totals 3,054, according to Sonatype. Analyzing data from the Maven Central repository, the largest distribution point for Java open-source components, Sonatype found a startling lack of hygiene in enterprise consumption of vulnerable Struts2 components, the same weakness that was exploited in the massive breach at Equifax.
More than 3,000 organizations could be at risk of suffering an attack against the same vulnerability that allowed hackers to gain access to the records of more than 143 million Americans from credit reporting firm Equifax. The troublesome figure comes from supply chain automation firm Sonatype, which found a total of 3,054 organizations still using a vulnerable version of Apache Struts, a popular web application framework.
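A practitioner reading the two items above will want to know whether their own builds pull in an affected Struts2 build. The script below is an added example, not Sonatype's tooling and not code from either article: it scans the output of `mvn dependency:list` for `struts2-core` artifacts whose version falls in the ranges listed in the Apache S2-045 advisory for CVE-2017-5638 (2.3.5 through 2.3.31 and 2.5 through 2.5.10, fixed in 2.3.32 and 2.5.10.1). The dependency listing embedded in it is constructed for the demonstration; the vulnerable multipart parser ships in `struts2-core`, which is why only that artifact is matched.

```python
"""Flag struts2-core versions affected by CVE-2017-5638 in Maven output.

Added example (not Sonatype's code). Affected ranges are taken from the
Apache Struts S2-045 advisory; everything else here is an assumption made
for the demonstration.
"""
import re
from typing import List, Tuple

# Constructed sample in the groupId:artifactId:type:version:scope form that
# `mvn dependency:list` prints. Not real project output.
SAMPLE_DEPENDENCY_LIST = """\
[INFO] The following files have been resolved:
[INFO]    org.apache.struts:struts2-core:jar:2.3.31:compile
[INFO]    org.apache.struts:struts2-core:jar:2.5.10.1:compile
[INFO]    org.apache.struts:struts2-core:jar:2.3.32:compile
[INFO]    org.apache.struts:struts2-core:jar:2.5.10:compile
[INFO]    org.apache.struts:struts2-rest-plugin:jar:2.5.5:compile
[INFO]    commons-io:commons-io:jar:2.4:compile
"""

# Inclusive (low, high) version ranges from the S2-045 advisory.
AFFECTED_RANGES: List[Tuple[Tuple[int, ...], Tuple[int, ...]]] = [
    ((2, 3, 5), (2, 3, 31)),   # fixed in 2.3.32
    ((2, 5), (2, 5, 10)),      # fixed in 2.5.10.1
]

DEP_LINE = re.compile(
    r"^\[INFO\]\s+([\w.\-]+):([\w.\-]+):([\w.\-]+):([\w.\-]+)(?::(\w+))?\s*$"
)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '2.5.10.1' into (2, 5, 10, 1); stop at the first non-numeric part.

    Tuple comparison gives the ordering we need: (2, 5, 10, 1) sorts after
    (2, 5, 10), so the patched 2.5.10.1 is correctly outside the range.
    """
    parts: List[int] = []
    for piece in re.split(r"[.\-]", version):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts)


def is_affected(version: str) -> bool:
    """True if the struts2-core version lies in an S2-045 affected range."""
    parsed = parse_version(version)
    return any(low <= parsed <= high for low, high in AFFECTED_RANGES)


def find_affected(dependency_list: str) -> List[str]:
    """Return group:artifact:version for every affected struts2-core line."""
    hits: List[str] = []
    for line in dependency_list.splitlines():
        match = DEP_LINE.match(line)
        if not match:
            continue  # header lines and anything that is not a coordinate
        group, artifact, _packaging, version, _scope = match.groups()
        if (group, artifact) == ("org.apache.struts", "struts2-core") and is_affected(version):
            hits.append(f"{group}:{artifact}:{version}")
    return hits


if __name__ == "__main__":
    for hit in find_affected(SAMPLE_DEPENDENCY_LIST):
        print("AFFECTED by CVE-2017-5638:", hit)
```

Pipe real output into it with `mvn dependency:list | python3 check_struts.py` after replacing the constructed sample with `sys.stdin.read()`; a non-empty result is a build that should not ship. Note that the check only looks at the resolved `struts2-core` version, so a plugin such as `struts2-rest-plugin` is caught through the core artifact it pulls in rather than by its own version.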
U.S. consumer credit reporting agency Equifax Inc. will soon be heading to court with multiple lawsuits being filed against the company following its disclosure of a massive hack last week. The lawsuits, which stand at least two dozen according to Reuters, come in a number of different flavors, including one suit that alleges that Equifax was guilty of equities fraud, while a number of other suits are specifically targeting Equifax’s response to the hack such as its offer of one year of free credit monitoring.
Sonatype of Fulton appointed Letitia Long and Steve Hills board members.
Letitia Long, former director of the National Geospatial-Intelligence Agency, has been named an independent director of Sonatype‘s board of directors. Sonatype said Tuesday Long will work with board representatives from the company’s lead investors that include Goldman Sachs, Accel Partners, New Enterprise Associates and Hummer Winblad Venture Partners.
Software supply chain automation leader Sonatype has announced support for new return-on-investment and application-quality metrics within its Nexus Lifecycle solution. The new feature, Success Metrics, enables DevOps teams to measure and quickly assess the effectiveness of their automated open source governance programmes.
Imagine if you could improve the quality of your applications and cut development cost at the same time. It is possible, if you manage the quality of the open source components used by your developers. This is according to the third annual State of the Software Supply Chain Report published by US-based software supply chain automation specialist Sonatype.
Supply chain automation company Sonatype produces what it calls its Software Supply Chain Report every year (now in its third) in an attempt to highlight alleged ‘risks’ lurking within open source software components.
Heightened awareness about the security risks associated with open source software has increased use of disciplined DevOps practices that have improved application quality and developer productivity, a software supply chain survey finds.
Sonatype, the leader in software supply chain automation, today announced the release of its third annual State of the Software Supply Chain Report. This year’s report highlights risks lurking within open source software components and quantifies the empirical benefits of actively managing software supply chain hygiene.
Open source components are found ever more frequently in the software supply chain. DevOps strategies and active management help organisations detect defective components more reliably, as the latest Software Supply Chain Report from Sonatype underlines. For the 2017 Software Supply Chain Report, Sonatype analysed more than 17,000 applications. The analysis showed that developer productivity rose by 28 percent when the open source components in use were actively managed, and that total development costs could be reduced by 30 percent.
Sonatype has published its third annual State of the Software Supply Chain Report. This year’s report highlights risks lurking in open source software components and quantifies the empirical benefits of actively managing hygiene within the software supply chain.
Sonatype released its third annual State of the Software Supply Chain report, which highlights risks within open source software components. The report also highlights the benefits of managing software supply chain hygiene. “Companies are no longer building software applications from scratch, they are manufacturing them as fast as they can using an infinite supply of open source component parts.
The use of open source components can help speed up the software development process, but it comes with a risk if poor quality code leads to vulnerable applications being released. The latest State of the Software Supply Chain Report from DevOps tools specialist Sonatype reveals that organizations which actively manage the quality of open source components flowing into production applications realize a 28 percent improvement in developer productivity, a 30 percent reduction in overall development costs, and a 48 percent increase in application quality.
In the past, IT security in the application building process has often been addressed as an after-thought, usually brought up at the last minute, just after the desired application and code were created. Since 2014, however, that frequent pattern has been changing as more security emphasis is apparently being brought into application development earlier in its creation, according to a recent DevSecOps study on enterprise security practices, released by Sonatype.
Fulton-based Sonatype is bringing on deeper knowledge about potential security vulnerabilities with an acquisition. The company, which makes tools that automate software processes and find potential holes in open source code, has acquired Vor Security, based in Ottawa, Canada.
Many development teams view security as an impediment to agility and innovation, but efforts over the past few years have tried to integrate security controls and testing directly into DevOps workflows without sacrificing development speed and deployment flexibility.
Sonatype released the next generation of its free Repository Health Check (RHC) feature within its flagship Nexus Repository product. All 120,000 organizations using Nexus will benefit immediately from the ability to automatically analyze the quality and security of open source software components housed within their Nexus Repository as part of their DevOps pipeline.
With two international cyber-crime conferences in Belfast in the same week, we're asking whether your company can stay ahead of the hackers. Wendy Austin is joined by Shannon Lietz, DevSecOps lead at Intuit; Mark Miller, senior storyteller at Sonatype; and David Crozier of Queen's University spinout CSIT.
DevOps can help develop software faster, but that's not making it any safer. DevSecOps is an effort to bring security into the mix. Here are some ways to get started.
Sonatype released the next generation of its free Repository Health Check (RHC) feature within its flagship Nexus Repository product. As of today, all 120,000 organizations using Nexus will benefit immediately from the ability to automatically analyze the quality and security of open source software components housed within their Nexus Repository as part of their DevOps pipeline.
Today's development practices continue to evolve toward the fast iterations of smaller builds. Developers are using approaches like microservices to chunk out monolithic applications into a sum of more rational and reusable mix-and-match elements.
Sonatype announced that its Nexus Firewall will offer support for automated governance of PyPI components before the end of the quarter.
Mature development organizations make sure automated security is built into their DevOps practice early, everywhere and at scale, according to a new report by Sonatype.
When developers and suppliers carefully list the tools used to build an application and what third-party components are included, IT can improve software patching and updates.
DevOps Express initiative aims to streamline the way enterprises transform their software development and delivery processes to DevOps.
The software world is being flooded with open source product. In fact, the federal government has an open-source-first policy. But maybe it's time to stop and think about sources of open source. Where does all that code originate? The software supply chain. That's something Derek Weeks, vice president and DevOps advocate at Sonatype, looks at carefully. He joins Federal Drive with Tom Temin.
What: The 2016 State of the Software Supply Chain report from Sonatype detailing the use of open source components in software. Why: Because 80 to 90 percent of today’s software applications are made of component parts, and increasingly, open source components, defect rates and security and quality issues abound within the software supply chain. Adopting supply chain automation principles, however, could reduce vulnerabilities.
Companies that develop enterprise applications download over 200,000 open-source components on average every year -- and one in 16 of those components has security vulnerabilities.