Author Archives: Derek Weeks

About Derek Weeks

Derek joined Sonatype in 2014 as their VP Product Marketing. He believes we need to set a new standard for creating trusted applications at the speed of development and securing the software supply chain. He also believes the key to this solution lies within automation, education, and perseverance. In the world of applications, he believes that as long as there is enough prey, there will be predators, and he is hoping to help organizations build the greatest level of sustainable defense practices.

Financial Services Organizations have Open Eyes on Open Source

February 20, 2014 By Derek Weeks

Let me open your eyes to a tidal wave of change that has already flooded the development organizations across Financial Services and other industries: “Software applications are no longer coded from scratch. They are assembled from building blocks — commonly known as open source components.” This is not a prediction about a tidal wave to […]

AppSec / DevOps Survey: 63% Concerned with Open Source

February 5, 2014 By Derek Weeks

A sneak peek at interim results from the “Developers and Application Security: Who is Responsible?” 2014 survey is in, and there’s still time for you to participate. Here’s a little something for you to think about. Once upon a time, we used to develop our own software. But these days, we are developing 90% of […]

FinSvcs Working Group (FS-ISAC) Takes on Open Source Components

December 2, 2013 By Derek Weeks

Applications are becoming the primary security threat vector. Since applications are constructed from third-party components, there continues to be a tremendous amount of industry effort and impetus behind managing open source components effectively. And now we can add the Financial Services / Information Sharing and Analysis Center (FS-ISAC) to the list.

What’s Happening in the Land of Open Source Components

November 27, 2013 By Derek Weeks

We continue to see exponential growth in requests from the Central Repository. In fact, there were 8 billion requests in 2012 – and it is looking like this year will total up to 13 billion requests. Given these trends, the time seemed right for a series of blog posts that address recent activity in the area of open source governance and security.

Component-Capable Release Management is Key to DevOps

November 18, 2013 By Derek Weeks

Part 3 – Part 4: Component-Capable Release Management is Key to DevOps – Part 5 Up Next

DevOps conversations are dominated by release management and production deployment. These are the primary topics at the DevOps conferences that we have attended in Atlanta, New York, Vancouver, Portland, Barcelona and London. This concerns me at some […]

PCI 3.0 – Secure Payment Requires Secure Components

November 14, 2013 By Derek Weeks

Well, there is nothing like an updated specification to drive action or interest in a topic. We’re seeing that with the introduction of PCI 3.0. While there are several key updates to the specification, the one I find most interesting reflects the reality of how applications are constructed today – from components. It’s great to […]

Yes, Policies Can Actually Speed Development

October 31, 2013 By Derek Weeks

CONTROL, ENFORCEMENT, APPROVALS, POLICIES. These concepts run counter to fast, agile-based development. These words make developers cringe; they are “4 letter words”. Could it be that the problem with these concepts is not what they are trying to accomplish, but how they are implemented? They are intended to ensure that the applications developers create are trusted, […]

Atlanta DevOps Days Recap: Next Up NYC, Vancouver & Portland

October 17, 2013 By Derek Weeks

We have been participating in the devopsdays events by presenting an ignite talk on how DevOps needs to be aligned with how applications are constructed today – with open source components. The ignite presentation style is really interesting: you have 5 minutes to present 20 slides that advance automatically every 15 seconds. I started […]

(ISC)² Global InfoSec Study – App Vulnerabilities are #1 Concern

September 30, 2013 By Derek Weeks

The (ISC)² Global Information Workforce Study CXO Report was recently released. The report found some interesting and troubling data on application security. While security executives noted that application vulnerabilities were their top concern, this did not translate into how their security teams invested their time – in fact, focusing on software development was at the […]
