Author Archives: Derek Weeks

About Derek Weeks

Derek joined Sonatype in 2014 as their VP Product Marketing. He believes we need to set a new standard for creating trusted applications at the speed of development and securing the software supply chain. He also believes the key to this solution lies within automation, education, and perseverance. In the world of applications, he believes that as long as there is enough prey, there will be predators, and he is hoping to help organizations build the greatest level of sustainable defense practices.

Yes, Policies Can Actually Speed Development

October 31, 2013 By Derek Weeks

CONTROL, ENFORCEMENT, APPROVALS, POLICIES. These concepts run counter to fast, agile-based development. These words make developers cringe; they are “4 letter words”. Could it be that the problem with these concepts is not what they are trying to accomplish, but how they are implemented? They are intended to ensure that the applications developers create are trusted, […]


Atlanta DevOps Days Recap: Next Up NYC, Vancouver & Portland

October 17, 2013 By Derek Weeks

We have been participating in the devopsdays events by presenting an ignite talk on how DevOps needs to be aligned with how applications are constructed today – with open source components. The ignite presentation style is really interesting – you have 5 minutes to present 20 slides that advance automatically every 15 seconds. I started […]


(ISC)² Global InfoSec Study – App Vulnerabilities are #1 Concern

September 30, 2013 By Derek Weeks

The (ISC)² Global Information Workforce Study CXO Report was recently released. The report found some interesting and troubling data on application security. While security executives noted that application vulnerabilities were their top concern, this did not translate into how their security teams invested their time – in fact, focusing on software development was at the […]


Using Your Repository Manager to Optimize Component Usage

September 24, 2013 By Derek Weeks

We constantly receive inquiries about how organizations can get the most out of their repository manager. We thought it would be good to address this topic in a series of webinars. While preparing for the webinars, we looked at problems that afflict organizations that aren’t using a repository manager. Developers waste time downloading a massive […]


Agile, Component Development & DevOps – A Natural Match

September 23, 2013 By Derek Weeks

Can you think of a technology concept that is more hyped than DevOps? We’ve moved past cloud & virtualization, and while not as hyped as Big Data or mobile, everyone on the development and operations side is talking about DevOps, not to mention DevOpsSec. Over several blog posts, I’m going to lay out the vision for […]


Policy Hierarchy & Inheritance: Simplified Policy Management

September 13, 2013 By Derek Weeks

We are pleased to announce the availability of Sonatype 1.6. This release is focused on policy hierarchy and inheritance support and includes a revamped user experience. The development team has also added a number of new quick start guides including one that provides guidance on policy management. Jeff Wayman does a great job of describing […]


NSA & Open Source: Another Controversy Brewing?

September 5, 2013 By Derek Weeks

I attended the NSA Open Source Industry Day in Maryland and thought I’d summarize what did and didn’t surprise me. We’ll see if these observations prove controversial or helpful! More importantly, we’ll see if organizations can effectively manage, govern, and secure their applications given the reality of open source, agile development practices and component-based development. […]


Application Security: Focus on flaws, not on bugs

September 3, 2013 By Derek Weeks

I recently listened to Gary McGraw’s interview on the Trusted Software Alliance Website. One thing he said (among many) that captured my attention was work that Cigital is doing on architecture risk analysis. Gary noted that security defects can be the result of bugs or flaws. “We pay more attention to (application) bugs and we need […]
