Category Archives: Everything Open Source

[Part 3] Code, Cars, and Congress: A Time for Cyber Supply Chain Management


December 16, 2014 By Wayne Jackson

On December 4th, 2014, U.S. Congressional Representatives Ed Royce (R-CA) and Lynn Jenkins (R-KS) introduced H.R. 5793, the “Cyber Supply Chain Management and Transparency Act of 2014.” The legislation will ensure all contractors of software, firmware or products to the federal government provide the procuring agency with a bill of materials of all third […]


[Part 2] Code, Cars, and Congress: A Time for Cyber Supply Chain Management


December 8, 2014 By Wayne Jackson

On December 4th, 2014, U.S. Congressional Representatives Ed Royce (R-CA) and Lynn Jenkins (R-KS) introduced H.R. 5793, the “Cyber Supply Chain Management and Transparency Act of 2014.” The legislation will ensure all contractors of software, firmware or products to the federal government provide the procuring agency with a bill of materials of all third party and open source components […]


Code, Cars, and Congress: A Time for Cyber Supply Chain Management


December 5, 2014 By Wayne Jackson

On December 4th, 2014, U.S. Congressional Representatives Ed Royce (R-CA) and Lynn Jenkins (R-KS) introduced H.R. 5793, the “Cyber Supply Chain Management and Transparency Act of 2014.” The legislation will ensure all contractors of software, firmware or products to the federal government provide the procuring agency with a bill of materials of all third party […]


Rubyists Rejoice – Nexus Supports RubyGem Repositories


December 2, 2014 By Brian Fox

We have done it again! Our Nexus development team has been busy this fall. With Nexus 2.9 in September, we introduced NuGet support for Nexus Open Source. In October Nexus 2.10 introduced npm support for all Nexus editions. And now with Nexus 2.11, we are adding Ruby Gem Repository support! We are happy to announce […]


Talking Turkey in Texas: Open Source Governance Lags


November 25, 2014 By Derek Weeks

Deep in the heart of Texas, I was leading a panel discussion at the Lone Star Application Security Conference (LASCON) a few weeks ago. The panel was “talking turkey” about the importance of application security in open source software development, when the conversation led to a discussion about software supply chains. One of the panelists remarked […]


42,000 Nexus Repository Managers, and Growing!


November 19, 2014 By Derek Weeks

Over the past 15 months, active Nexus instances have grown from 21,000 to 42,000. Wowza. That is news worth sharing, because you made it happen! This means our global Nexus customer base added 47 new instances every single day over that same period. 47 a day! And the volume of active instances continues to […]


Nigel’s Wake-up Call: Scaling Open Source Governance


November 3, 2014 By Derek Weeks

The Wake-up Call

They had downloaded over 200,000 open source components in the past year. And their open source policy…the one established to protect against license risks and security vulnerabilities? It covered about 3% of them. This is how Nigel Simpson, Director of Architecture at a major media and entertainment company, described his organization’s “huge” […]


Who is Nigel Simpson? (Lessons of Open Source Governance)


October 28, 2014 By Derek Weeks

If you are in the midst of creating (or even planning to implement) an Open Source Governance Policy for your organization, then you’ll want to get to know Nigel Simpson. Nigel has been leading an enterprise-wide working group with over 40 members — at a really big entertainment and media company — to define his […]


The Two-Minute Open Source Risk Assessment


October 21, 2014 By Derek Weeks

In two minutes, we can show you if there are any open source risks within your Java application. And it’s free. That’s right, at Sonatype, we could not be more in favor of the code reuse that occurs millions of times a day thanks to the availability of open source and third-party components. At the […]


Skeleton Key


September 19, 2014 By Derek Weeks

A skeleton key is capable of opening any lock regardless of make or type. Do you know anyone who has one? I do. Lots of them. At the HP Protect conference last week in Washington DC, the theme of their conference was “think like a bad guy”. They introduced us to known hackers, their approaches to infiltrating organizations, and the trends in their behaviors. They also introduced us to the people who hunted down the hackers and successfully captured them.
