
Media

Stay current on Sonatype news.
Baltimore Business Journal

February 2, 2017 - A look at the top four venture capital recipients of 2016

Sonatype Inc., Vtesse Inc., NextCure and GrayBug LLC were the four companies that received the most venture capital funding in 2016.
DZone

February 1, 2017 - State of the Software Supply Chain

Thanks to Derek Weeks, V.P. and DevOps Advocate for Sonatype for sharing their second annual report on managing open source components to accelerate innovation. Following are the key findings of their research...
Computer Weekly

January 20, 2017 - Sonatype: 1 in 15 open source app components has at least one security vulnerability

Software supply chain automation company Sonatype is hanging out the flags to celebrate the fact that it has experienced a 300 percent growth in the use of its Nexus Repository over the past three years.
App Developer Magazine

January 13, 2017 - Scanning JavaScript for vulnerabilities: How the impossible is now possible

JavaScript is everywhere, and it's awesome! But the world's most popular language can be riddled with problems if you aren't a careful programmer.
Container Journal

January 6, 2017 - Sonatype Takes on Container Governance

As usage of containers continues to proliferate across the enterprise there will be some natural shifting of management responsibility between developers and IT operations teams in many organizations. In fact, most developers will have a bare-minimum involvement in anything to do with IT governance.
Threatpost

December 15, 2016 - Code Reuse a Peril for Secure Software Development

The amount of insecure software tied to reused third-party libraries and lingering in applications long after patches have been deployed is staggering. It’s a habitual problem perpetuated by developers failing to vet third-party code for vulnerabilities, and some repositories taking a hands-off approach with the code they host.
SDxCentral

December 8, 2016 - Sonatype Adds Container Inspection to Its Lifecycle Software

Sonatype, a company offering a kind of quality control for software components, has extended its reach into the container world.
Federal News Radio

November 28, 2016 - DevOps & agile software development

Today’s interview is with Matt Howard, executive vice president for Market Development at Sonatype. His company helps federal software developers put together code quicker, cheaper, and in a more secure manner.
The Register

November 11, 2016 - Fancy 15 hours of DevOps

It’s one thing logging onto a 15 hour online event covering the world of DevOps. It’s quite another watching it live in the comfortable offices of one of the main sponsors with complimentary food and drinks from morning until evening. Plus happy hour.
App Developer Magazine

November 1, 2016 - Why software is no longer being written from scratch

Application developers are increasingly reliant on open source component parts because pre-fabricated components speed up innovation and save developers the time (and money) of having to write code from scratch.
eWeek

October 21, 2016 - Sonatype Maps the JavaScript Genome for DevOps

Sonatype has mapped out the JavaScript genome to help organizations with high-velocity, automated development practices.
CIO

September 26, 2016 - What’s in your code? Why you need a software bill of materials

When developers and suppliers carefully list the tools used to build an application and what third-party components are included, IT can improve software patching and updates.

ADT MAG

September 21, 2016 - 14 DevOps Leaders Join Forces

CloudBees, Sonatype, GitHub, CA Technologies and 10 other IT solutions and service providers have announced that they are forming an alliance with the goal of making it easier for enterprises to adopt the software stack needed to implement DevOps in their organizations.
SD Times

September 15, 2016 - Jenkins World: CloudBees, DevOps Express, the Blue Ocean project, and Undo’s Live Recorder

Fourteen DevOps technology leaders announced a new initiative to streamline DevOps adoption at this week’s Jenkins World. The new DevOps Express aims to help answer key questions such as where to start, what a typical DevOps stack looks like, how to learn from others, how to minimize risk, and how to ensure technologies will work together.
Computing

September 15, 2016 - 14 DevOps vendors link up to simplify enterprise adoption of 'best of breed' tools

DevOps Express initiative aims to streamline the way enterprises transform their software development and delivery processes to DevOps.

dotnetpro

September 14, 2016 - Sonatype and CloudBees launch the DevOps Express initiative

14 industry leaders have set themselves the goal of improving customer satisfaction with "battle-tested" native DevOps solutions.
Federal News Radio

August 19, 2016 - Derek Weeks: A closer look at software supply chain

The software world is being flooded with open source product. In fact, the federal government has an open-source-first policy. But maybe it's time to stop and think about sources of open source. Where does all that code originate? The software supply chain. That's something Derek Weeks, vice president and DevOps advocate at Sonatype, looks at carefully. He joins Federal Drive with Tom Temin.

GCN

July 22, 2016 - Protecting the open source software supply chain

What: The 2016 State of the Software Supply Chain report from Sonatype detailing the use of open source components in software. Why: Because 80 to 90 percent of today’s software applications are made of component parts, and increasingly, open source components, defect rates and security and quality issues abound within the software supply chain. Adopting supply chain automation principles, however, could reduce vulnerabilities.

ADT Mag

July 12, 2016 - Report: 1 in 16 Java Components Have Security Defects

Sonatype has just released its second annual report on managing open source components. The "2016 State of the Software Supply Chain" report is available now, and well worth reading.
Computerworld

July 11, 2016 - Enterprise software developers continue to use flawed code in apps

Companies that develop enterprise applications download over 200,000 open-source components on average every year -- and one in 16 of those components has security vulnerabilities.

CSO

July 11, 2016 - Enterprise software developers continue to use flawed code in apps

The use of third-party code in enterprise software projects is growing fast, but the used code often has known flaws. 
Dive Logo

July 11, 2016 - Report: Enterprises more reliant on open source and third-party software components

The software supply chain is booming and enterprises are frequently turning to open source and third party software components to decrease the amount of code they have to write, which helps accelerate deployment cycles, according to Sonatype’s 2016 State of the Software Supply Chain report released Monday.
esecurity

July 11, 2016 - Room for Application Security Improvement

Application security suffers from the indiscriminate use of open source software components, finds Sonatype research.
SD Times

July 11, 2016 - The State of the Software Supply Chain report

Open-source software is being used more than ever, yet practices for sourcing the software are inefficient and vulnerabilities are pervasive, according to a report from supply-chain automation provider Sonatype. 
SD Times

April 13, 2016 - Sonatype launches new Nexus Universal Repository Manager

Sonatype, the leader in software supply chain automation, today released the latest version of Nexus Repository, adding free support for seven of the most popular software component types. Additionally, Sonatype announced that Nexus Repository has now surpassed 100,000 active installations, including a majority of the Fortune 100, and continues to experience massive growth in usage. 
The Wall Street Journal

Feb 4, 2016 — Goldman Sachs Leads $30M Round in Sonatype

Goldman Sachs has led a $30 million investment in software developer Sonatype to help protect the quality of its open source software.
The Washington Post

Feb 4, 2016 — Md.-based cyber firm picks up $30 million led by Goldman Sachs

Jackson said helping Goldman with its own software infrastructure led to the financing announced Thursday. If the institution hadn’t been a customer, he says, “they probably never would have found us.”
Fortune

Feb 4, 2016 — Goldman Sachs Leads $30 Million Investment in Software Supply Chain Fixer

Don Duet, who co-leads the tech division at Goldman, cited the growing importance of open source code at his company as justification for the deal. “Today, open source components underpin a vast majority of our most mission-critical applications at the firm,” he said in a statement.
TechCrunch

Feb 4, 2016 — Sonatype Snares $30 Million Investment Led By Goldman Sachs

Sonatype, a company that helps customers create automated, policy-driven software component security, announced a $30 million round today led by Goldman Sachs.
CNN Money

Dec 15, 2015 — Unwritten Rules of Hacking

Sonatype CTO Josh Corman is featured in CNN Money news segment from DefCon 2015 in Las Vegas, discussing white hat hacking as a force for good.
Forbes

Dec 14, 2015 — Safer Open Source Code Inside The Enterprise – Sonatype Nexus Firewall

Given this new proliferation of open source software components, we are starting to see automation controls come forward to help control these essentially dynamic and constantly developing code bases. 
HP Enterprise

Nov 20, 2015 — Who let security into DevOps?

Josh Corman featured in a series that covers DevOps and SecOps, and securing the Internet of Things.
PC World

Nov 13, 2015 — Thousands of Java applications vulnerable to nine-month-old remote code execution exploit

A popular Java library has a serious vulnerability, discovered over nine months ago, that continues to put thousands of Java applications and servers at risk of remote code execution attacks.
InfoQ

Nov 13, 2015 — Twistlock Partners with Sonatype on Container Security

Twistlock have also partnered with Sonatype in order to help developers keep vulnerabilities out of the ‘left hand side’ of the image creation process.
Mashable

Aug 18, 2015 — All the cyberattacks on the U.S. government (that we know of)

Federal agencies have suffered at least a dozen major data breaches or network intrusions since 2007. What's troubling is, experts say these are high-tech attacks trending toward an old-fashioned end: Espionage.
Fox Business

Aug 14, 2015 — Sonatype CTO, Josh Corman, interviewed on Fox Business News about a recent Verizon phone bill hack.

Sonatype CTO, Josh Corman, is interviewed on Fox Business News about cyber security and recent hacks on vehicles, medical devices and now a Verizon phone bill with a $117,000 charge.
CNBC

Aug 12, 2015 — CNBC Interview with Sonatype CTO, Josh Corman, about cyber security

CNBC interviews Sonatype CTO, Josh Corman, about a suspected Russian attack on the Pentagon with a discussion about the broader implications of cyber security.
Infosecurity Magazine

Jul 20, 2015 — When Good Code Goes Bad

Unlike other industries that rely on supply from other organizations, software development has no clear way to understand when an open source or proprietary component 'part' is found to be defective.
CNET

Jun 23, 2015 — Programmers are copying security flaws into your software, researchers warn

Programmers -- the people who create the software -- don't write all their code from scratch, instead borrowing freely from others' work. The problem: they're not vetting the code for security problems.
CIO

Jun 16, 2015 — Software Applications Have on Average 24 Vulnerabilities Inherited from Buggy Components

Many commercial software companies and enterprise in-house developers are churning out applications that are insecure by design due to the rapid and often uncontrolled use of open-source components.

Jun 1, 2015 — Sonatype Facilitates DevOps Approach to App Dev

Applications are rarely built from scratch today, but rather tend to leverage myriad tools and libraries as organizations increasingly move to a rapid deployment DevOps style of IT.
Software Magazine

May 18, 2015 — Learning by Example: What software developers can learn from Toyota about supply chains

Software developers can learn a lot from the example of car manufacturing. Both stand to benefit from reducing the complexity in their supply chains and gaining more control over the parts they use.
Dark Reading

Jan 23, 2015 — Growing Open Source Use Heightens Enterprise Security Risks

The data breaches disclosed earlier this month at Park ‘N Fly and OneStopParking.com, two major airport parking services, highlight the continuing risk that enterprises face from using open-source software in their environments without a plan for managing it.
GCN

Jan 21, 2015 — How secure are your open source-based systems?

The Cyber Supply Chain and Transparency Act of 2014 requires any supplier of software to the federal government to identify which third-party and open source components are used and verify that they do not include known vulnerabilities for which a less vulnerable alternative is available.