Monthly Archives: July 2014

Outnumbered, Again


July 30, 2014 By
Derek Weeks
Screen Shot 2014-08-07 at 9.01.29 AM

I remember it clearly. Sitting down for breakfast, I opened the Sydney Morning Herald to see the latest headlines in Australia for the day. As I shuffled through the paper, I finally landed upon the Technology section and then noticed pages and pages of “help wanted” adds.

Continue reading...

SSL Connectivity for all Central Repository users Underway


By
Brian Fox
SSL Security

We’ve had quite a bit of public scrutiny recently over how we’ve chosen to provide SSL access to Central for the last two years. At Sonatype, we have a history of investments in the Maven Central community, all of which are focused on improving the quality of the contents, increasing reliability and performance of delivery, and yes, even strengthening security which is often not popular (how many gripes can you find about why we require PGP signatures on artifacts?)

Continue reading...

Two AppSec Questions Always Asked


July 24, 2014 By
Brian Fox
CLM Dashboard

While Repository Health Checks are valuable, we just released something even better: the CLM 1.11 Dashboard. First of all, it helps you answer the first two critical open source vulnerability questions: did we ever use that and where is it? And, you can find out the answers to those questions in about three seconds.

Continue reading...

Part 2: The Internet of Everything: Code, Cars, and More


By
Wayne Jackson
Bill of Materials

In part one of my blog, It’s Just the Way Software is Made, I discussed the realities of how software is made, the birth of agile development, and the advent of component-based software development. Today, we will drive down the software supply chain to understand where your software has really coming from. I’ll also discuss why it’s important for us to instill high quality standards and governance policies in our “parts” ecosystem.

Continue reading...

Trusting Third-Party Code That Can’t Be Trusted


July 22, 2014 By
Derek Weeks
Code that can't be trusted

Paul Roberts (@paulfroberts) at InfoWorld recently shared his perspective on “5 big security mistakes coders make”. First on his list was trusting third-party code that can’t be trusted. Paul shares: “If you program for a living, you rarely — if ever — build an app from scratch. It’s much more likely that you’re developing an application from a pastiche of proprietary code that you or your colleagues created, partnered with open source or commercial, third-party software or services that you rely on to perform critical functions.

Continue reading...

Part 3: The Internet of Everything: Code, Cars, and More


July 21, 2014 By
Wayne Jackson
Component Complexity

In part two of my blog ‘A Closer Look at Today’s Software Supply Chain’, I discussed why human-speed supply chain management can’t keep pace with today’s agile software development practices and why high quality software components are not simply a given. In this final segment, I will share a real world story on how thousands of organizations sourced one “bad part” named Bouncy Castle in 2013.

Continue reading...

Are You Choosing the “Right” Component?


July 17, 2014 By
Manfred Moser
Component Choices

In our recent open source developer survey we asked, what are the TOP FOUR characteristics considered when selecting a component? And since components are the building blocks used when creating an application, selecting the right one is an important choice. Not surprisingly, the most important characteristic for the selection are the features and capabilities provided by the component. After all, if the component doesn’t fulfill your requirements then why use it?

Continue reading...

Part 1: The Internet of Everything: Code, Cars, and More


By
Wayne Jackson
Automobile Supply Chain

Just like automobile manufacturers, software “manufacturers” need to apply supply chain management principles for both efficiency and quality. They need to be prepared to conduct a rapid and comprehensive “recall” when a defect is found. And today’s modern development practices make this, well, challenging to say the least.

Continue reading...

Stewing Over Software Ingredients


July 15, 2014 By
Ryan Berg
Fresh Ingredients

Just the other day I was planning dinner for my family and thought it would be a great idea to bust out the Dutch oven I had to have, but rarely use, and make a nice stew. I ran to the grocery store to grab some fresh carrots, turnips, onions, a couple of Yukon Gold potatoes, and some fresh chicken (and a bottle of nice wine for the thirsty chef). I needed a quick start and an on-time finish. Or it would be another failed product delivery — followed by a rapid desire by my family to outsource.

Continue reading...

The Atlassian Story with guest Tim Pettersen on Nexus Live


July 11, 2014 By
Mark Miller
Tim Pettersen

Developers around the world are using BitBucket, Stash, Confluence, Jira and HipChat to help manage their projects. In the July 31 installment of Nexus Live, we’ll talk with Tim Pettersen, Developer Advocate at Atlassian.  We’ll find out what’s in store for future releases and how his team is using Nexus to help manage their open […]

Continue reading...