Just like automobile manufacturers, software “manufacturers” need to apply supply chain management principles for both efficiency and quality. They need to be prepared to conduct a rapid and comprehensive “recall” when a defect is found. And today’s modern development practices make this, well, challenging to say the least.
As the Heartbleed bug wreaked havoc on the internet over the past few days, we at Sonatype began thinking about the lessons learned from this recent scare and how, collectively, we can develop a process for mitigating the next major exposure.
Opening a Dialogue About Supply Chain Risk Management in a World Powered by Open Source Software
As Marc Andreessen famously observed, “software is eating the world”. The proliferation of software is, indeed, transformational – it is everywhere, in laptops, of course, but also in cars, planes, phones, pacemakers, insulin pumps, refrigerators, thermostats, you name it. […]
Today we announced Sonatype Insight™, a new product line designed to help application development organizations gain better visibility and control over their use of open source components. This is an exciting step in the evolution of Sonatype. From our early beginnings with the Apache Maven project, to our leadership on such key projects as Nexus, […]
Sonatype’s perspective regarding the Hudson Project is pretty simple: we have been and will continue to be committed to advancing Hudson and making better software available to the community of Hudson users. Very recently, Sonatype completed significant development in the evolution of Hudson’s core architecture. The benefits of these changes include better leveraging of industry […]
When Sonatype originally chose the GPL license for Nexus, our goal was to provide an innovative OSS repository management technology to the community while also allowing Sonatype to grow a commercial product (Nexus Professional) by adding enterprise features on top of an open source core. At that time, Sonatype decided to use the GPL license […]