Author Archives: Derek Weeks

About Derek Weeks

Derek joined Sonatype in 2014 as their VP Product Marketing. He believes we need to set a new standard for creating trusted applications at the speed of development and securing the software supply chain. He also believes the key to this solution lies within automation, education, and perseverance. In the world of applications, he believe that as long as there is enough prey, there will be predators, and he is hoping to help organizations build the greatest level of sustainable defense practices.

Trusting Third-Party Code That Can’t Be Trusted


July 22, 2014 By
Derek Weeks
Code that can't be trusted

Paul Roberts (@paulfroberts) at InfoWorld recently shared his perspective on “5 big security mistakes coders make”. First on his list was trusting third-party code that can’t be trusted. Paul shares: “If you program for a living, you rarely — if ever — build an app from scratch. It’s much more likely that you’re developing an application from a pastiche of proprietary code that you or your colleagues created, partnered with open source or commercial, third-party software or services that you rely on to perform critical functions.

Continue reading...

Open source components, a fine vintage or sour milk?


July 8, 2014 By
Derek Weeks
Software and Wine

The U.S. recently overtook France as the world’s largest wine market. And here at Sonatype, we can proudly say we’ve contributed to this achievement. By not only consuming our fair share of wine but by also being involved — outside of work — in crafting our own wines. Over the 4th of July holiday, I was able to enjoy some of the wine I’ve aged over the years. For the best wines, aging can create spectacular results years down the line. Unfortunately, the same cannot be said for code and components used in today’s applications. Where aging improves a fine wine, code ages more like milk.

Continue reading...

Securosis Dives Deep into our 2014 Survey


July 2, 2014 By
Derek Weeks
True State of Open Source Security

There are two ways to motivate others to action: emotional appeal and fact based analysis. Our 2014 Open Source and Application Security survey results touched on both. We’ve run this survey for the past four years, but this time we decided to reveal the results in a new way. Rather than let our marketing team “spin” the results, we wanted to provide you a completely independent perspective focus on both open source development and application security. Adrian Lane, CTO and Security Analyst, at Securosis jumped at the chance. We provided him the raw survey results data and he agreed to write the analysis. We did not ask or direct him on what to write; in fact, Securosis’ Totally Transparent Research methodology does not allow companies like Sonatype to influence their research.

Continue reading...

We’re bringing sexy back, Sonatype hits the catwalk


June 24, 2014 By
Derek Weeks
Open Source, New Sexy?

Enthusiasm for securing the software supply chain is growing in both conversation and practice. For the past year, Sonatype has called for a new approach to securing the software supply chain that gives organizations an opportunity to protect their business and their applications from hacker exploits — taking a frictionless approach built into the supply chain and software development lifecycle, as opposed to bolt-on solutions looking for vulnerabilities later in the development process.

Continue reading...

Walking in the Open Source Component Garden


June 17, 2014 By
Derek Weeks
Parallels of OSS and Gardens

Its not everyday I can stop to enjoy my afternoon tea outside on my deck, overlooking my garden. But today I did and while admiring my beautiful blooming flowers, I started to draw some parallels between my garden and software development. Full disclosure, I wouldn’t consider myself a true gardener. I buy plants that have already been cultivated to a mature stage on someone else’s farm or in someone else’s greenhouse.

Continue reading...

3 Reasons Manual Policies Just Don’t Work


June 10, 2014 By
Derek Weeks
Current State of Open Source Policies

Over the past four years, Sonatype has surveyed open source development organizations and year after year, we find that developers have the best intentions. They strive to build good quality code, free of defects and flaws but when it comes to policies that enforce these standards, the manual review process is at odds with how developers really work. If you don’t believe me, here are just a few examples of how developers describe the challenge manual policies create.

Continue reading...

RebelLabs Java Survey Results: Developers Love Nexus


June 2, 2014 By
Derek Weeks
Nexus Leaderboard

Another informative and well-presented RebelLabs survey has hit the streets. Their 2014 Java Tools and Technologies Landscape report was just released and hats off to them for ‘their better than ever response rate’ and their good will for charity donations from each completed survey response. This year’s survey covers more than a dozen different tool/technology segments within the Java industry.

Continue reading...

Cheeseburger Risk: Not for the Faint of Heart


May 20, 2014 By
Derek Weeks
Cheeseburger Risk

If you had a heart attack, would you stop eating cheeseburgers? For most people, the answer is “No”. A recent survey of 1,000 survivors found that 60 percent of heart attack victims weren’t sticking to a healthy diet and about 30 percent still had high cholesterol and blood pressure. Hey, old habits (especially the tasty ones) die hard. Funny thing is, the same behavior for those who have suffered a heart attack is found in application security. If you have been breached, chances are you have not changed your security diet.

Continue reading...

DevOps: The Last Great Hope for Application Security?


April 8, 2014 By
Derek Weeks
DevOps: The Last Great Hope of Application Security?

Once upon a time, there was a great battle between speed and security. Development wanted to go fast. But, security wanted to slow down and be safe. For years, they endured the pain of testing late in the lifecycle, sorting through reams of false positive reports, and dealing with the added cost of pushing bad software out the door. They knew there had to be a better way…

Continue reading...

2014 Open Source Development Survey: Making Results Matter


April 1, 2014 By
Derek Weeks
mindstorm

Want to win a programmable LEGO robot? Share your voice in this year’s survey. The real intent of the Open Source Development Survey is to SPARK DISCUSSION. Remember, it’s not the stats that count…it’s the value of the discussions that follow that make this survey so important. So take 5 minutes and take the survey. (it takes less than 5 minutes, we promise)

Continue reading...