In today’s Nexus Live Broadcast, Damon Edwards and his team from SimplifyOps introduced us to RunDeck, open source software that helps automate routine operational procedures in data center or cloud environments. He is seeing Nexus in many of his enterprise environments, so I thought it would be interesting to see an overview of the product and […]
You can’t get away from it. Thousands of open source components are being used in every industry, every day, to quickly build and deploy applications. For those not in the security industry, it’s hard to keep track of what is being done in this field to manage and monitor open source usage. This article is the first in a series where we will talk about open source in layman’s terms, identify how prevalent open source is in the modern development environment and how teams are approaching the management of such a multi-headed hydra.
Another informative and well-presented RebelLabs survey has hit the streets. Their 2014 Java Tools and Technologies Landscape report was just released and hats off to them for ‘their better than ever response rate’ and their good will for charity donations from each completed survey response. This year’s survey covers more than a dozen different tool/technology segments within the Java industry.
In this segment of the Nexus 2 Minute Challenge, we’re going to look at the Nexus User Token feature. The user token relates to the username and password that are used to connect to Nexus. In this example, there is a Maven .xml file where the username and password are in clear text. This is […]
What happens if you are asked to manage multiple Nexus server instances? How can you tell which instance you are viewing? In this 2 Minute Challenge, we ask Manfred if he can change the header to specify which server instance he is using. Have a look… View the 2 Minute Challenge
What if you don’t want Nexus to serve from the default port? In this 2 Minute Challenge, we ask Manfred Moser if he can demo the change in under 2 minutes. Have a look… View the full video
If you had a heart attack, would you stop eating cheeseburgers? For most people, the answer is “No”. A recent survey of 1,000 survivors found that 60 percent of heart attack victims weren’t sticking to a healthy diet and about 30 percent still had high cholesterol and blood pressure. Hey, old habits (especially the tasty ones) die hard. Funny thing is, the same behavior for those who have suffered a heart attack is found in application security. If you have been breached, chances are you have not changed your security diet.
While there are many books I have read during my career as a software engineer, there are a handful that have been influential in my thinking. Here are my top 2 books for software developers. If you’ve read them before, you might want to read them again through the experience lens of your development career.
Over a month has passed since HeartBleed was announced to the public, and while saturation into the mainstream media likely peaked shortly after that, it can often be interesting to revisit technical revelations like this one from a layperson’s perspective.
Heartbleed has put the security community on notice: it is time to take a harder look at the security status of open source components and frameworks. After doing a little industry research on downloads from the (Maven) Central Repository, I’m sitting here with my jaw hanging open. Over 46 million Java-based open source components containing known vulnerabilities were downloaded from the Central Repository in 2013*.