As part of our launch of Nexus 2.0 and the Repository Health Check, we’re telling some stories about security and how security affects working developers. As developers we’re not always focused on security, but as attacks grow more complex, more aware of platforms like Java and .NET, and more capable of affecting custom application code, security is going to play an increasingly important role in development. In this post, I talk about a security incident I watched unfold last year and identify some of the lessons I walked away from the experience with.
But first, a message from our sponsor: Sonatype’s Nexus 2.0 offers a Repository Health Check. It’s not an answer to security by itself, but it can play a critical part in a larger, organization-wide approach to security. If you are developing applications with Tomcat, Spring, and other well-known components you’d be surprised at the kinds of vulnerabilities that are floating around in production. Once you have this capability to run a detailed RHC report in Nexus Professional, you can remove these components from applications, iterate, and get rid of known vulnerabilities. Click here to learn more about Nexus 2.0.