Join Us For Nexus Live: Product survey data revealed


September 5, 2013 By
Emily Blades

Join Brian Fox, Richard Seddon and Manfred Moser for Nexus Live next Wednesday, September 11, 2013 from 12:00PM-1:00PM EDT (GMT-0400) to: Get an insider’s look at how our most successful customers use Nexus. Preview what’s coming in Nexus 2.7. Get the details you need to plan for an upgrade now. Ask questions live and get […]

Continue reading...

Application Security: Focus on flaws, not on bugs


September 3, 2013 By
Derek Weeks

I recently listened to Gary McGraw’s interview on the Trusted Software Alliance Website. One thing he said (among many) that captured my attention was work that Cigital is doing on architecture risk analysis. Gary noted that security defects can be the result of bugs or flaws. “We pay more attention to (application) bugs and we need […]

Continue reading...

Important: Apache Struts Framework Security Alert


August 13, 2013 By
Derek Weeks

The popular Apache Struts Framework, a toolkit used to build many of today’s web applications, has a critical vulnerability that was recently announced by the Struts team at Apache. The National Institute of Standards and Technology (NIST) has added the exposure to the National Vulnerability Database and assigned a critical score (9.3 out of 10). […]

Continue reading...

A Brief and Incomplete History of DevOps


July 29, 2013 By
Jessica Dodson

The use of DevOps methodology and a structured process for integrating security into the development process is becoming more prevalent as large enterprises are seeing the benefits of a strategic alliance between development teams and operations. Instead of throwing the pig over the fence and hoping it turns into bacon by the time it touches […]

Continue reading...

Nexus 2.6: Much more than a new layer of paint


July 27, 2013 By
Manfred Moser

Generally speaking, when you talk to developers about new software releases, it can be a love or hate it kind of conversation. A new version of software can take many forms. You can find a lot has changed on the surface with new features but quickly realize it’s just new shine on the same old […]

Continue reading...

Application security needs to be redefined to stay relevant


July 26, 2013 By
Derek Weeks

Ok, so maybe it’s not the definition that’s the problem. Maybe it’s the fact that most people think of DAST and SAST when it comes to application security.  And when most developers are faced with DAST and SAST, they run for cover. Or maybe it’s the fact that most security practices are primarily focused on […]

Continue reading...

Do you trust your software supplier? Questions to ask yourself – and them!


July 24, 2013 By
Jessica Dodson

Ever since I attended the recent Gartner Security & Risk Management Summit, I’ve found myself thinking a lot about if “you can trust your software supplier”. My colleague wrote about this a bit in a Gartner recap blog and our CEO co-presented on this topic with Curtis Yanko as part of a solution provider session. […]

Continue reading...

Sonatype applauds GitHub’s approach to encourage OSS license selection


July 18, 2013 By
Derek Weeks

GitHub’s move to encourage developers to select an open source license for source code published to GitHub highlights the need for organizations to properly manage license concerns. The Central Repository, sponsored by Sonatype, has long since required license information for binaries that are  added, but encouraging license selection as part of the source code process […]

Continue reading...

Join Us for Nexus Live: Profiling your Nexus installation using JMX


July 12, 2013 By
Emily Blades

Wondering what’s new in Nexus? Just ask the experts. Join Brian Fox and Richard Seddon for Nexus Live next Wednesday, July 17, 2013 from 12:00PM-1:00PM EDT (GMT-0400) to: Learn how to profile your Nexus installation using JMX Ask questions live and get answers from top community contributors and respected Nexus professionals How to join: No […]

Continue reading...