Category Archives: Sonatype Says

Never a More Interesting Time


August 26, 2014 By
Derek Weeks
RANT

“It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity, it was the season of Light, it was the season of Darkness, it was the spring of hope, it was the winter of despair, we had everything before us, we had nothing before us…”, penned Charles Dickens in 1859’s A Tale of Two Cities.

Continue reading...

SSL Connectivity for all Central Repository users Underway


July 30, 2014 By
Brian Fox
SSL Security

We’ve had quite a bit of public scrutiny recently over how we’ve chosen to provide SSL access to Central for the last two years. At Sonatype, we have a history of investments in the Maven Central community, all of which are focused on improving the quality of the contents, increasing reliability and performance of delivery, and yes, even strengthening security which is often not popular (how many gripes can you find about why we require PGP signatures on artifacts?)

Continue reading...

Part 2: The Internet of Everything: Code, Cars, and More


July 24, 2014 By
Wayne Jackson
Bill of Materials

In part one of my blog, It’s Just the Way Software is Made, I discussed the realities of how software is made, the birth of agile development, and the advent of component-based software development. Today, we will drive down the software supply chain to understand where your software has really coming from. I’ll also discuss why it’s important for us to instill high quality standards and governance policies in our “parts” ecosystem.

Continue reading...

Part 1: The Internet of Everything: Code, Cars, and More


July 17, 2014 By
Wayne Jackson
Automobile Supply Chain

Just like automobile manufacturers, software “manufacturers” need to apply supply chain management principles for both efficiency and quality. They need to be prepared to conduct a rapid and comprehensive “recall” when a defect is found. And today’s modern development practices make this, well, challenging to say the least.

Continue reading...

Securosis Dives Deep into our 2014 Survey


July 2, 2014 By
Derek Weeks
True State of Open Source Security

There are two ways to motivate others to action: emotional appeal and fact based analysis. Our 2014 Open Source and Application Security survey results touched on both. We’ve run this survey for the past four years, but this time we decided to reveal the results in a new way. Rather than let our marketing team “spin” the results, we wanted to provide you a completely independent perspective focus on both open source development and application security. Adrian Lane, CTO and Security Analyst, at Securosis jumped at the chance. We provided him the raw survey results data and he agreed to write the analysis. We did not ask or direct him on what to write; in fact, Securosis’ Totally Transparent Research methodology does not allow companies like Sonatype to influence their research.

Continue reading...

We’re bringing sexy back, Sonatype hits the catwalk


June 24, 2014 By
Derek Weeks
Open Source, New Sexy?

Enthusiasm for securing the software supply chain is growing in both conversation and practice. For the past year, Sonatype has called for a new approach to securing the software supply chain that gives organizations an opportunity to protect their business and their applications from hacker exploits — taking a frictionless approach built into the supply chain and software development lifecycle, as opposed to bolt-on solutions looking for vulnerabilities later in the development process.

Continue reading...

5 Things You Need to Know About Open Source Components


June 4, 2014 By
Mark Miller
Component Vulnerability Stats

You can’t get away from it. Thousands of open source components are being used in every industry, every day, to quickly build and deploy applications. For those not in the security industry, it’s hard to keep track of what is being done in this field to manage and monitor open source usage. This article is the first in a series where we will talk about open source in layman terms, identify how prevalent open source is in the modern development environment and how teams are approaching the management of such a multi-headed hydra.

Continue reading...

On the Shoulders of Giants: Influential Books for Software Developers


May 16, 2014 By
Jamie Whitehouse
Shoulders of Giants

While there are many books I have read during my career as a software engineer, there are a handful that have been influential in my thinking. Here are my top 2 books for software developers. If you’ve read them before, you might want to read them again through the experience lens of your development career.

Continue reading...