
Sonatype Blog

Stay updated on the latest news from the makers of Nexus

TED Talks Security: 3 Provoking Discussions

I love watching TED Talks. To me, they are 15 well-spent minutes watching experts around the world provide great insights into things I thought I knew well. Some cover things I had never imagined, or topics on which I want to gain a deeper perspective.

A Home for the Central Repository

Since its inception in 2002, the Central Repository has grown to be the largest repository of Java and other JVM, Android and related components, and beyond. It is the default repository for Apache Maven, sbt and Leiningen, and it can easily be used from Gradle, Apache Ivy and others. The Central Repository has become the default destination for open source projects that want to publish their components and reach millions of fellow developers. With its many servers powering a high-performance delivery network, developers can rest assured that their components are delivered reliably and quickly.

Open Source Observations from RSA

Wow – have 2 weeks already passed since RSA? Before we get too far out from the event, I thought I’d share a few observations …

An Open Discussion on Open Source Review Boards

The recent FS-ISAC whitepaper, “Appropriate Software Security Control Types for Third Party Service and Product Providers”, reveals the majority of internal software applications created by financial services involve acquiring open source components and libraries to augment custom developed software. While open source code is freely available and reviewed by many independent developers, that review effort does not translate into all software components and libraries being free from risk.

Ready to Take the 2 Minute Nexus Challenge? Watch our First Challenger Live.

For those that don't know me, I am the new Nexus community advocate and now moderator of Nexus Live. I've kicked off my first session of the year with fellow community advocate, Manfred Moser and Manager QA & Support, Rich Seddon. The session started with Rich clarifying the Nexus Security Advisory from March 3rd. We then moved on to the fun part, where I challenged Manfred to the first of three Nexus 2 Minute Challenges, where he showed three things that can be done in Nexus in less than two minutes.

The Tipping Point: Human Speed vs. Machine Speed

What can the financial services industry learn from the U.S. Department of Homeland Security? In this third segment of my blog series on open source component security as it relates to the recently updated Financial Services Information Sharing and Analysis Center (FS-ISAC) guidelines, I explore the need for speed: humans vs. machines.