Applications are becoming the primary security threat vector. Since applications are constructed from 3rd party components, there continues to be a tremendous amount of industry effort and impetus behind managing open source components effectively. And now we can add the Financial Services / Information Sharing and Analysis Center (FS-ISAC) to the list.
We continue to see exponential growth in requests from the Central Repository. In fact, there were 8 Billion requests in 2012 – and it is looking like this year will total up to 13 Billion requests. Given these trends, the time seemed right for a series of blog posts that address recent activity in the area of open source governance and security.
Part 3 — Part 4: Component-Capable Release Management is Key to DevOps – Part 5 Up Next
DevOps conversations are dominated by release management and production deployment. These are the primary topics at the DevOps conferences that we have attended in Atlanta, New York, Vancouver, Portland, Barcelona and London. This concerns me at some […]
One of the approaches to software that I strongly believe in is taking advantage of the latest product innovations in all new releases. I think it’s important to upgrade to the latest versions of build tools and components as soon as you can.
Well, there is nothing like an updated specification that drives action or interest in a topic. We’re seeing that with the introduction of PCI 3.0. While there are several key updates to the specification, the one I find most interesting reflects the reality of how applications are constructed today – from components. It’s great to […]
Sonatype Nexus can easily be integrated with external systems because all functionality is available via various REST API calls. On the other hand, Nexus can be expanded by writing plugins that customize it and add further functionality.
Part 2 — Part 3 of Component Management Strategy and DevOps – Part 4 Up Next
Ok, I need a “blog post delivery tool chain” because part 3 in my DevOps series of blog posts is woefully behind my expected delivery date. It’s like a broken development process – I’m […]
In the Nexus Live event, John Nagro and Tom McLaughlin from HubSpot detailed how they are using Nexus as a repository for their development and release components. They found that they need to be able to quickly create another virtual machine as part of their build infrastructure to react to changes in datacenter locations and other parameters.
CONTROL, ENFORCEMENT, APPROVALS, POLICIES. These concepts run counter to fast, agile-based development. These words make developers cringe; they are “4 letter words”. Could it be that the problem with these concepts is not what they are trying to accomplish, but how they are implemented? They are intended to ensure that applications developers create are trusted, […]
We have been participating in the devopsdays events by presenting an ignite talk on how DevOps needs to be aligned with how applications are constructed today – with open source components. The ignite presentation style is really interesting – you have 5 minutes to present 20 slides that advance automatically every 15 seconds. I started […]