Category Archives: Everything Open Source

Move Left and Be More Secure


September 16, 2013 By Jessica Dodson

Author Attribution: This post was written by a guest blogger: Mark Miller, Founder and Curator of Trusted Software Alliance. In a “50-in-50” interview on the Trusted Software Alliance site, Gary McGraw talked about the concept of ‘moving left’, or ‘shifting left’ when it comes to application security in the software life cycle. Traditional development leaves […]


Sonatype Reduces Licensing Risks for .Net Developers with Integration to NuGet and Visual Studio


September 9, 2013 By Karen Gardner

I continue to be in awe of this stat: the composition of today’s applications is often as high as 90% open source components and only 10% custom source code. A true testament to the value of open source in helping speed the delivery of custom built applications. (This amazing, but true, stat is based on […]


NSA & Open Source: Another Controversy Brewing?


September 5, 2013 By Derek Weeks

I attended the NSA Open Source Industry Day in Maryland and thought I’d summarize what did and didn’t surprise me. We’ll see if these observations prove controversial or helpful! More importantly we’ll see if organizations can effectively manage, govern, and secure their applications given the reality of open source, agile development practices and component-based development. […]


Nexus 2.6: Much more than a new layer of paint


July 27, 2013 By Manfred Moser

Generally speaking, when you talk to developers about new software releases, it can be a love or hate it kind of conversation. A new version of software can take many forms. You can find a lot has changed on the surface with new features but quickly realize it’s just new shine on the same old […]


Sonatype applauds GitHub’s approach to encourage OSS license selection


July 18, 2013 By Derek Weeks

GitHub’s move to encourage developers to select an open source license for source code published to GitHub highlights the need for organizations to properly manage license concerns. The Central Repository, sponsored by Sonatype, has long since required license information for binaries that are added, but encouraging license selection as part of the source code process […]


Join Us for Nexus Live: Profiling your Nexus installation using JMX


July 12, 2013 By Emily Blades

Wondering what’s new in Nexus? Just ask the experts. Join Brian Fox and Richard Seddon for Nexus Live next Wednesday, July 17, 2013 from 12:00PM-1:00PM EDT (GMT-0400) to: Learn how to profile your Nexus installation using JMX Ask questions live and get answers from top community contributors and respected Nexus professionals How to join: No […]


How Will you Manage the New Addition of A9 to the OWASP Top 10 List?


June 18, 2013 By Jessica Dodson

It’s fair to say we were excited back in May when the OWASP community proposed A9 “Using Components with Known Vulnerabilities” as a top 10 open source security risk – so now it’s official, component vulnerabilities are considered a critical web security flaw. But why has this addition warranted its own category, formerly classified […]


Is it time for a Nexus Repository Health Check? Come to the Nexus Office Hours to get your Diagnosis.


May 27, 2013 By Jessica Dodson

If your repository contained a jar file with a known vulnerability, how would you know? What would it mean to you to have that sort of visibility into your repository health? This isn’t probably something you consider often since one of the benefits of having a repository manager is enforcing component standards. But as you […]


Join Us: Nexus Office Hours — This Friday!


April 23, 2013 By Emily Blades

Wondering what’s new in Nexus? Just ask the experts. We’re hosting another Nexus Office Hours this Friday, on Google+ Hangout On Air. Our Nexus experts Brian Fox, Manfred Moser and Rich Seddon will demo the latest in Nexus and dedicate most of the hour to Q&A time with you! How to join: No registration required, […]


Join Us: Nexus Office Hours – Friday, March 22, 2013 1PM-2PM EDT


March 11, 2013 By Emily Blades

Wondering what’s new in Nexus? Wishing you had a chance to ask some of our Nexus experts about Nexus best practices? Here’s your chance. We’re pleased to announce that Sonatype will be hosting Nexus Office Hours each month starting in March! Our Nexus experts Brian Fox, Manfred Moser and Rich Seddon will demo the latest […]
