Talking Turkey in Texas: Open Source Governance Lags


November 25, 2014 By
Derek Weeks
tt

Deep in the heart of Texas, I was leading a panel discussion at the Lone Star Application Security Conference (LASCON) a few weeks ago.  The panel was “talking turkey” the importance of application security and open source software development, when the conversation led to a discussion about software supply chains. One of the panelists remarked […]

Continue reading...

42,000 Nexus Repository Managers, and Growing!


November 19, 2014 By
Derek Weeks
Nexus Artifactory Archiva

Over the past 15 months, active Nexus instances have grown from 21,000 to 42,000.  Wowza.   That is news worth sharing, because you made it happen! This means our global Nexus customer base added 47 new instances every single day over that same period.  47 a day!  And the volume of active instances continues to […]

Continue reading...

CIO.com: Helping Developers Reduce Open Source Risk


November 17, 2014 By
Derek Weeks
CIO-dot-com-logo

Last week, CIO.com shared a story of an inflection point in application security.  Lucian Constantin discussed how there needs to be a shift from manual open source risk analysis to more automated approaches.  His article stated, “The notion of using manual audits, manual approvals and traditional governance to deal with that level of [open source […]

Continue reading...

Riot Games Shares its Chef Cookbook for Nexus


November 12, 2014 By
Derek Weeks
league2

  Kyle Allan is on the deployment automation team at Riot Games — maker of the most played PC game in the world: League of Legends. This multiplayer 24/7 game runs at servers all over the world, from the U.S. to Europe, and from Australia to Southeast Asia.  Riot Games was looking for a service to store […]

Continue reading...

How Big is a Billion? Open Source Growth Skyrockets


November 10, 2014 By
Derek Weeks
evil2

How Big is a Billion? We all remember 1997’s Austin Powers movie with Dr. Evil trying to express a really big number: Dr. Evil: Mr. President, after I destroy Washington D.C… I will destroy another major city every hour on the hour. That is, unless, of course, you pay me… one hundred billion dollars. The […]

Continue reading...

Nigel’s Wake-up Call: Scaling Open Source Governance


November 3, 2014 By
Derek Weeks
shock

The Wake-up Call They had downloaded over 200,000 open source components in the past year.  And their open source policy…the one established to protect against license risks and security vulnerabilities?  It covered about 3% of them. This is how Nigel Simpson, Director of Architecture at a major media and entertainment company, described his organization’s “huge” […]

Continue reading...

Who is Nigel Simpson? (Lessons of Open Source Governance)


October 28, 2014 By
Derek Weeks
Who is Nigel Simpson?

If you are in the midst of creating (or even planning to implement) an Open Source Governance Policy for your organization, then you’ll want to get to know Nigel Simpson. Nigel has been leading an enterprise-wide working group with over 40 members — at a really big entertainment and media company — to define his […]

Continue reading...

The Two-Minute Open Source Risk Assessment


October 21, 2014 By
Derek Weeks
time 3

In two minutes, we can show you if there are any open source risks within your Java application.  And it’s free. That’s right, at Sonatype, we could not be more in favor of the code reuse that occurs millions of times a day thanks to the availability of open source and third-party components.  At the […]

Continue reading...