Category Archives: Everything Open Source

Sonatype Nexus Security Advisory


January 16, 2014 By
Brian Fox
Security Advisory

Sonatype Nexus Security Advisory Date: January 14, 2014 Affected Versions: Nexus OSS/Pro versions prior to and including 2.7.0-06 Summary: A critical security vulnerability has been discovered by Sonatype in Nexus requiring immediate action. The vulnerability makes use of an execution path in an open source library that we have now (with the available patch) added […]

Continue reading...

Who Really Wrote Healthcare.gov?


December 23, 2013 By
Wayne Jackson
Healthcare.gov

Opening a Dialogue About Supply Chain Risk Management in a World Powered by Open Source Software. As Marc Andreessen famously observed, “software is eating the world”. The proliferation of software is, indeed, transformational – it is everywhere, in laptops, of course, but also in cars, planes, phones, pacemakers, insulin pumps, refrigerators, thermostats, you name it. […]

Continue reading...

FinSvcs Working Group (FS-ISAC) Takes on Open Source Components


December 2, 2013 By
Derek Weeks
fs-isac thumbnail

Applications are becoming the primary security threat vector. Since applications are constructed from 3rd party components, there continues to be a tremendous amount of industry effort and impetus behind managing open source components effectively. And now we can add the Financial Services / Information Sharing and Analysis Center (FS-ISAC) to the list.

Continue reading...

What’s Happening in the Land of Open Source Components


November 27, 2013 By
Derek Weeks

We continue to see exponential growth in requests from the Central Repository. In fact, there were 8 Billion requests in 2012 – and it is looking like this year will total up to 13 Billion requests.Given these trends, the time seemed right for a series of blog posts that address recent activity in the area of open source governance and security

Continue reading...

Should your devops pipeline consider component intelligence?


October 31, 2013 By
Manfred Moser

In the Nexus Live event John Nagro and Tom McLaughlin from HubSpot detailed how they are using
Nexus as a repository for their development and release components. They
found that they need to be able to quickly create another virtual
machine as part of their build infrastructure to react to changes in
datacenter locations and other parameters.

Continue reading...

Simplified Releases to the Central Repository with Nexus


September 30, 2013 By
Manfred Moser

The Central Repository continues to be the largest repository of binary components for Java developers and beyond. A majority of open source projects including organizations such as Apache Software Foundation, Google , Github and many more take advantage of the free hosting via the Sonatype Open Source Software Repository Hosting OSSRH. The release automation for […]

Continue reading...

Move Left and Be More Secure


September 16, 2013 By
Jessica Dodson

Author Attribution: This post was written by a guest blogger: Mark Miller, Founder and Curator of Trusted Software Alliance. In a “50-in-50” interview on the Trusted Software Alliance site, Gary McGraw talked about the concept of ‘moving left’, or ‘shifting left’ when it comes to application security in the software life cycle. Traditional development leaves […]

Continue reading...

Sonatype Reduces Licensing Risks for .Net Developers with Integration to NuGet and Visual Studio


September 9, 2013 By
Karen Gardner

I continue to be in awe of this stat: the composition of today’s applications is often as high as 90% open source components and only 10% custom source code. A true testament to the value of open source in helping speed the delivery of custom built applications. (This amazing, but true, stat is based on […]

Continue reading...

NSA & Open Source: Another Controversy Brewing?


September 5, 2013 By
Derek Weeks

I attended the NSA Open Source Industry Day in Maryland and thought I’d summarize what did and didn’t surprise me. We’ll see if these observations prove controversial or helpful! More importantly we’ll see if organizations can effectively manage, govern, and secure their applications given the reality of open source, agile development practices and component-based development. […]

Continue reading...