Another Security Breach … Just in time for the holidays.


December 23, 2013 By
Ryan Berg
Holiday Breach

It just wouldn’t be the holiday season without a report of another major security breach. This time Target is the victim and, true to form, the shame and blame game follows. At this point it shouldn’t come to anybody’s suprise that compliance doesn’t equal secure. Even though the full details of the attack are unknown, you […]

Continue reading...

Who Really Wrote Healthcare.gov?


By
Wayne Jackson
Healthcare.gov

Opening a Dialogue About Supply Chain Risk Management in a World Powered by Open Source Software. As Marc Andreessen famously observed, “software is eating the world”. The proliferation of software is, indeed, transformational – it is everywhere, in laptops, of course, but also in cars, planes, phones, pacemakers, insulin pumps, refrigerators, thermostats, you name it. […]

Continue reading...

FinSvcs Working Group (FS-ISAC) Takes on Open Source Components


December 2, 2013 By
Derek Weeks
fs-isac thumbnail

Applications are becoming the primary security threat vector. Since applications are constructed from 3rd party components, there continues to be a tremendous amount of industry effort and impetus behind managing open source components effectively. And now we can add the Financial Services / Information Sharing and Analysis Center (FS-ISAC) to the list.

Continue reading...

What’s Happening in the Land of Open Source Components


November 27, 2013 By
Derek Weeks

We continue to see exponential growth in requests from the Central Repository. In fact, there were 8 Billion requests in 2012 – and it is looking like this year will total up to 13 Billion requests.Given these trends, the time seemed right for a series of blog posts that address recent activity in the area of open source governance and security

Continue reading...

Component-Capable Release Management is Key to DevOps


November 18, 2013 By
Derek Weeks

Part 3  —   Part 4 Component-Capable Release Management is Key to DevOps  – Part 5 Up Next  DevOps conversations are dominated by release management and production deployment. These are the primary topics at the DevOps conferences that we have attended in Atlanta, New York, Vancouver, Portland, Barcelona and London. This concerns me at some […]

Continue reading...

PCI 3.0 – Secure Payment Requires Secure Components


By
Derek Weeks

Well there is nothing like an updated specification that drives action or interest in a topic. We’re seeing that with the introduction of PCI 3.0. While there are several key updates to the specification, the one I find most interesting reflects the reality of how applications are constructed today – from components. It’s great to […]

Continue reading...

Should your devops pipeline consider component intelligence?


October 31, 2013 By
Manfred Moser

In the Nexus Live event John Nagro and Tom McLaughlin from HubSpot detailed how they are using
Nexus as a repository for their development and release components. They
found that they need to be able to quickly create another virtual
machine as part of their build infrastructure to react to changes in
datacenter locations and other parameters.

Continue reading...