Monthly Archives: March 2012

New TGLoader Android Malware Found in Alternative Markets


March 26, 2012 By The Vigilant Application Owner

March 26, Threatpost – (International) New TGLoader Android malware found in alternative markets. The TGLoader malware appeared in some alternative Android app markets recently, and researchers at North Carolina State University discovered and analyzed it, finding it has a wide range of capabilities. The malware uses the “exploid” root exploit to get root privileges on […]


Today’s Security Brief: Application security is widely neglected (by some surprising companies)


By Tim O'Brien

Today we published a paper with Aspect Security, and it’s a shocking look at how few people are paying attention to application security. If you consume dependencies from the Central Repository and you don’t want to get hacked, I’d suggest reading the report and understanding some of the challenges. I’d also check out some of […]


Study: More Than 50% of Global 500 Use Vulnerable Open Source Components


March 25, 2012 By The Vigilant Application Owner

March 25, ZDNet – (International) Study: More than 50% of Global 500 use vulnerable open source components. According to a joint research report issued March 25 by Sonatype and Aspect Security, more than 50 percent of the world’s largest corporations have open source applications with security vulnerabilities. That is because more than 80 percent of […]


LibreOffice 3.4.6 Fixes Potential Security Problem


March 22, 2012 By The Vigilant Application Owner

March 22, H Security – (International) LibreOffice 3.4.6 fixes ‘potential security problem’. The Document Foundation released version 3.4.6 of its open source LibreOffice productivity suite. The maintenance update addresses a “potential security problem” and includes fixes for a number of bugs, such as problems that could lead the application to crash. Details […]


Ken Rimple Interviews Brian Fox: Maven 3, Running Central, and Nexus


By Tim O'Brien

Brian Fox sat down with Ken Rimple of Chariot Solutions to talk about Nexus and to put repository management in the context of recent developments with Maven. Ken Rimple and Chariot have been long-term partners with Sonatype supporting our Maven training efforts, so Ken has a lot of background about Maven to ask some interesting […]


Article Published in ISACA Journal: Mitigating OSS Risk


By Tim O'Brien

Sonatype’s Charles Gold has just published an article in the ISACA Journal: “Mitigating the Risk of OSS Software”. Here’s an excerpt from his ISACA blog discussing the article: “[I]t has been reported that up to 80 percent of custom software code created today is assembled from open-source components. Upon closer examination, we see a software […]


New Webinar: Managing Your .NET Components with Nexus and NuGet


March 19, 2012 By Emily Blades

Join Brian Fox for 30 minutes on Thursday, March 29 to learn how Nexus will improve collaboration and control while speeding your .NET development. In this session Brian will give you the information you need to get started. He’ll show you how to set up your environment and configure Visual Studio and Nexus. All registrants […]
