Like a good holiday, the Verizon 2014 Data Breach Investigation Report (DBIR) is something I look forward to every year. Now that I’ve had some office time to digest this, I figured no better time to share my thoughts. I am not going to cover all sections, but do want to highlight a few things that stuck out to me
In this segment of the Nexus 2 Minute Challenge, we asked Manfred Moser to replace the regular release process using the Nexus Staging Suite in less than 2 minutes. View the entire Nexus 2 Minute Challenge
In March, Manfred Moser and I introduced the concept of a “Nexus 2 Minute Challenge”, where I would ask Manfred to accomplish a specific task in Nexus in less than 2 minutes. The series was an immediate hit with over 1300 views within the first month. Here’s the inaugural video, Enable Component Version Discovery, from […]
Last week, I joined the Sonatype engineering team at the yearly summit where we got together and discussed the future roadmap for Nexus and CLM, talked with engineers who are doing the hands-on work on the projects, and in general got caught up with each other. It’s always good to get this kind of face-to-face […]
As the Heartbleed bug wreaked havoc on the internet over the past few days, we at Sonatype began thinking about the lessons learned from this recent scare and how, collectively, we can develop a process for mitigating the next major exposure.
Once upon a time, there was a great battle between speed and security. Development wanted to go fast. But, security wanted to slow down and be safe. For years, they endured the pain of testing late in the lifecycle, sorting through reams of false positive reports, and dealing with the added cost of pushing bad software out the door. They knew there had to be a better way…
Code snippet scanning is a common question we get from prospects. We typically try to dig at why the prospect actually thinks they need snippet matching. We think this comes from misinformed demand. To create conversation with the masses on this topic, I’ve shared my perspective so you have a complete picture of the risk and cost of code snippet scanning.
Want to win a programmable LEGO robot? Share your voice in this year’s survey. The real intent of the Open Source Development Survey is to SPARK DISCUSSION. Remember, it’s not the stats that count…it’s the value of the discussions that follow that make this survey so important. So take 5 minutes and take the survey. (It takes less than 5 minutes, we promise.)
I love watching TED Talks. To me, they are 15 well-spent minutes watching experts around the world provide great insights into things I thought I knew well. Some I had never imagined or topics on which I want to gain a deeper perspective.
Since its inception in 2002, the Central Repository has grown to be the largest component repository of Java and other JVM, Android, related components and beyond. It is the default repository for Apache Maven, sbt and Leiningen, and it can easily be used from Gradle, Apache Ivy and others. The Central Repository has become the […]