Author Archives: Derek Weeks

About Derek Weeks

Derek joined Sonatype in 2014 as their VP Product Marketing. He believes we need to set a new standard for creating trusted applications at the speed of development and securing the software supply chain. He also believes the key to this solution lies within automation, education, and perseverance. In the world of applications, he believe that as long as there is enough prey, there will be predators, and he is hoping to help organizations build the greatest level of sustainable defense practices.

Who is Nigel Simpson? (Lessons of Open Source Governance)


October 28, 2014 By
Derek Weeks
Who is Nigel Simpson?

If you are in the midst of creating (or even planning to implement) an Open Source Governance Policy for your organization, then you’ll want to get to know Nigel Simpson. Nigel has been leading an enterprise-wide working group with over 40 members — at a really big entertainment and media company — to define his […]

Continue reading...

The Two-Minute Open Source Risk Assessment


October 21, 2014 By
Derek Weeks
time 3

In two minutes, we can show you if there are any open source risks within your Java application.  And it’s free. That’s right, at Sonatype, we could not be more in favor of the code reuse that occurs millions of times a day thanks to the availability of open source and third-party components.  At the […]

Continue reading...

Bash 2014 – This Is Not a Party


September 25, 2014 By
Derek Weeks
bash

I can honestly say that although referred to by the media as Shellshocked, I am neither shocked nor awed. I can’t say that I am a fan of the latest glorification of bugs like Heartbleed and Shellshock in a fashion similar to tropical storms, but if it gets more people to pay attention to the exponential growth of our reliance on software I can’t say I am too worked up about it either. One thing that is unarguable is that this just happens to be the latest (and if you are reading this before you have patched stop right now, patch, and then come back to finish).

Continue reading...

What Happened Sept 16th?


September 23, 2014 By
Derek Weeks
OWASP Board

We led an invasion last week armed with a flying drone, glowing lightsabers, and the latest knowledge on open source security vulnerabilities. Our mission? Lead, share, educate, moderate, and have some fun. Our coordinates? This year’s AppSecUSA 2014 event in Denver, Colorado. If you were there, you couldn’t miss us. If you weren’t there, don’t fret…they caught the entire thing on video.

Continue reading...

Skeleton Key


September 19, 2014 By
Derek Weeks
Skeleton Key

A skeleton key is capable of opening any lock regardless of make or type. Do you know anyone who has one? I do. Lots of them. At the HP Protect conference last week in Washington DC, the theme of their conference was “think like a bad guy”. They introduced us to known hackers, their approaches to infiltrating organizations, and the trends in their behaviors. They also introduced us to the people who hunted down the hackers and successfully captured them.

Continue reading...

11,000 Voices


September 16, 2014 By
Derek Weeks
Appsec Panel

This week, I will be attending AppSec USA in Denver with the rest of our Sonatype crew. While it will be my first time attending the event, I am really excited to be leading a panel discussion at the event this Thursday. If you will be at the event, please come by the session or the Sonatype booth (G10) and say hello. So what’s the panel discussion about?

Continue reading...

Time for Full Open Source Disclosure


September 12, 2014 By
Derek Weeks
Gartner Full Disclosure

We are not the first industry to face this challenge. But many are convinced our problem is much smaller than it really is or that it does not exist. They simply ignore it. Or choose to do nothing about it. Meanwhile, the problem is multiplying like rabbits. The challenge lies within our software. Within the quality of its supply chain, within our collective ability to maintain its health, and within our ability to establish easy (yes, I said easy) paths to ban rampant, yet avoidable risks.

Continue reading...

Gartner Goes Development-Centric


September 11, 2014 By
Derek Weeks
Gartner Research

Recently, Gartner published a new research report that says by 2016, “the vast majority of mainstream IT organizations will leverage nontrivial elements of open source software (directly or indirectly) in mission- critical IT solutions. However, most will fail to effectively manage these assets in a manner that minimizes risk and maximizes ROI.”

Continue reading...

Never a More Interesting Time


August 26, 2014 By
Derek Weeks
RANT

“It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity, it was the season of Light, it was the season of Darkness, it was the spring of hope, it was the winter of despair, we had everything before us, we had nothing before us…”, penned Charles Dickens in 1859’s A Tale of Two Cities.

Continue reading...

Outnumbered, Again


July 30, 2014 By
Derek Weeks
Screen Shot 2014-08-07 at 9.01.29 AM

I remember it clearly. Sitting down for breakfast, I opened the Sydney Morning Herald to see the latest headlines in Australia for the day. As I shuffled through the paper, I finally landed upon the Technology section and then noticed pages and pages of “help wanted” adds.

Continue reading...