
Sonatype Blog


Secure From the Start: Combining Open Source Policies, Practice & Tools

In my recent blog, 'Financial Services Organizations have Open Eyes on Open Source', I shared how Sonatype's company mission aligns with the recent FS-ISAC guidelines put out by the third party software security working group. In short, open source security can't be an afterthought. Security isn't only the responsibility of 'security professionals' but instead a shared responsibility for all parties involved in developing or managing an organization's software supply chain. As the FS-ISAC guidelines put it, "the most appropriate type of control for addressing the security vulnerabilities in open source, including older versions of the open source, is one that addresses vulnerabilities before the code is deployed—i.e. by applying policy controls in the acquisition and use of open source libraries by developers."

Sonatype & HP Partnership Offering a New Breed of Application Security

For details on the announcement, watch the full video http://youtu.be/jQWdBwUbW-I.

Today Sonatype and HP announced Sonatype’s Component Lifecycle Management (CLM) analysis technology has been integrated into HP’s cloud-based software security solution – HP Fortify on Demand. HP Fortify on Demand customers will have access to an Open Source Application Scan using the Sonatype CLM analysis technology from directly within the Fortify on Demand user experience.

HP Fortify on Demand delivers comprehensive, accurate and affordable security assessments that identify vulnerabilities in any application —web, mobile, infrastructure or cloud. Sonatype provides analysis and identification of third party and open source components commonly used as building blocks in modern applications – with a focus on security, license, quality, and policy issues. Together, these capabilities deliver a new level of visibility and analysis into overall application security and risk.

For more detailed information about this new breed of application security from HP and Sonatype, please visit http://www.sonatype.com/fortify.

Financial Services Organizations have Open Eyes on Open Source

Let me open your eyes to a tidal wave of change that has already flooded the development organizations across Financial Services and other industries:

AppSec / DevOps Survey: 63% Concerned with Open Source

Interim results from the “Developers and Application Security: Who is Responsible?” 2014 survey are in, and there’s still time for you to participate. Here’s a little something for you to think about.