Category Archives: Everything Open Source

Integrating with SonarQube


August 27, 2014 By Brian Fox

Many development organizations we work with have turned to SonarQube as a dashboard to visualize and measure their code quality. Customers using CLM want to surface known security vulnerabilities and license risk in the same place developers or executives already go to assess the overall quality of their application. To support this growing interest from […]


Never a More Interesting Time


August 26, 2014 By Derek Weeks
RANT

“It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity, it was the season of Light, it was the season of Darkness, it was the spring of hope, it was the winter of despair, we had everything before us, we had nothing before us…”, penned Charles Dickens in 1859’s A Tale of Two Cities.


“Wait! Wait! Don’t pwn me!” from Black Hat 2014


August 14, 2014 By Mark Miller
Wait Wait, Don't Pwn Me! -BlackHat-2014

At the Black Hat 2014 Conference in Las Vegas, Mark Miller, Community Advocate for Nexus and Executive Producer of the OWASP 24/7 Podcast Series, presented the third installment of the OWASP security news quiz, “Wait, Wait! Don’t Pwn Me!”. Play along and see how many news stories you can identify for the month of August […]


Part 2: The Internet of Everything: Code, Cars, and More


July 24, 2014 By Wayne Jackson
Bill of Materials

In part one of my blog, It’s Just the Way Software is Made, I discussed the realities of how software is made, the birth of agile development, and the advent of component-based software development. Today, we will drive down the software supply chain to understand where your software really comes from. I’ll also discuss why it’s important for us to instill high quality standards and governance policies in our “parts” ecosystem.


Part 3: The Internet of Everything: Code, Cars, and More


July 21, 2014 By Wayne Jackson
Component Complexity

In part two of my blog ‘A Closer Look at Today’s Software Supply Chain’, I discussed why human-speed supply chain management can’t keep pace with today’s agile software development practices and why high quality software components are not simply a given. In this final segment, I will share a real world story on how thousands of organizations sourced one “bad part” named Bouncy Castle in 2013.


Are You Choosing the “Right” Component?


July 17, 2014 By Manfred Moser
Component Choices

In our recent open source developer survey we asked: what are the TOP FOUR characteristics considered when selecting a component? Since components are the building blocks used when creating an application, selecting the right one is an important choice. Not surprisingly, the most important characteristic in the selection is the features and capabilities provided by the component. After all, if the component doesn’t fulfill your requirements, then why use it?


Part 1: The Internet of Everything: Code, Cars, and More


By Wayne Jackson
Automobile Supply Chain

Just like automobile manufacturers, software “manufacturers” need to apply supply chain management principles for both efficiency and quality. They need to be prepared to conduct a rapid and comprehensive “recall” when a defect is found. And today’s modern development practices make this, well, challenging to say the least.


Stewing Over Software Ingredients


July 15, 2014 By Ryan Berg
Fresh Ingredients

Just the other day I was planning dinner for my family and thought it would be a great idea to bust out the Dutch oven I had to have, but rarely use, and make a nice stew. I ran to the grocery store to grab some fresh carrots, turnips, onions, a couple of Yukon Gold potatoes, and some fresh chicken (and a bottle of nice wine for the thirsty chef). I needed a quick start and an on-time finish. Or it would be another failed product delivery — followed by a rapid desire by my family to outsource.


Securosis Dives Deep into our 2014 Survey


July 2, 2014 By Derek Weeks
True State of Open Source Security

There are two ways to motivate others to action: emotional appeal and fact-based analysis. Our 2014 Open Source and Application Security survey results touched on both. We’ve run this survey for the past four years, but this time we decided to reveal the results in a new way. Rather than let our marketing team “spin” the results, we wanted to provide you a completely independent perspective focused on both open source development and application security. Adrian Lane, CTO and Security Analyst at Securosis, jumped at the chance. We provided him the raw survey results data and he agreed to write the analysis. We did not ask or direct him on what to write; in fact, Securosis’ Totally Transparent Research methodology does not allow companies like Sonatype to influence their research.


Nexus holds the top market share, the data speaks for itself


June 26, 2014 By Manfred Moser
Nexus Captures Top Market Share

RebelLabs recently put out their Java Tools and Technologies Landscape report, and we were very pleased to see Nexus chosen as the repository manager of choice by 64% of developers. We saw this same preference carry over in our own recent Open Source Development survey, where 49% of respondents indicated they used Nexus as their local component repository manager. This led us to analyze these market trends further. By digging into the log data from the Central Repository, we were able to capture more compelling proof that Nexus indeed holds a significant portion of the repository manager marketplace, and for good reason.
