In March, Manfred Moser and I introduced the concept of a “Nexus 2 Minute Challenge“, where I would ask Manfred to accomplish a specific task in Nexus in less than 2 minutes. The series was an immediate hit with over 1300 views within the first month. Here’s the inaugural video, Enable Component Version Discovery, from […]
Last week, I joined the Sonatype engineering team at the yearly summit where we got together and discussed the future roadmap for Nexus and CLM, talk with engineers who are doing the hands-on work on the projects and in general got caught up with each other. It’s always good to get this kind of face-to-face […]
As the HeartBleed bug wreaked havoc on the internet over the past few days, we at Sonatype began thinking about the lessons learned from this recent scare and how, collectively, we can develop a process for mitigating the next major exposure.
Once upon a time, there was a great battle between speed and security. Development wanted to go fast. But, security wanted to slow down and be safe. For years, they endured the pain of testing late in the lifecycle, sorting through reams of false positive reports, and dealing with the added cost of pushing bad software out the door. They knew there had to be a better way…
Code snippet scanning is a common question we get from prospects. We typically try to dig at why the prospect actually thinks they need snippet matching. We think this comes from mis-informed demand. To create conversation with the masses on this topic, I’ve shared my perspective so you have a complete picture of the risk and cost of code snippet scanning.
Want to win a programmable LEGO robot? Share your voice in this year’s survey. The real intent of the Open Source Development Survey is to SPARK DISCUSSION. Remember, it’s not the stats that count…it’s the value of the discussions that follow that make this survey so important. So take 5 minutes and take the survey. (it takes less than 5 minutes, we promise)