Applications are becoming the primary security threat vector. Since applications are constructed from third-party components, there continues to be a tremendous amount of industry effort and impetus behind managing open source components effectively. And now we can add the Financial Services / Information Sharing and Analysis Center (FS-ISAC) to the list.
It’s fair to say we were excited back in May when the OWASP community proposed A9 “Using Components with Known Vulnerabilities” as a top 10 open source security risk – so now it’s official, component vulnerabilities are considered a critical web security flaw. But why has this addition warranted its own category, formerly classified [...]
We have a problem. Application development has become agile, component-based, and open source dependent. But security approaches haven’t kept up. Every day we’re forced to make the dangerous choice between speed and security, putting Development and Security at odds. There has to be a better way. Join Wendy Nather, Research Director, Security, at 451 Research [...]
A big thanks goes out to everyone who was able to make it to our webinar yesterday. We appreciated all of your time, attention and great questions. If you weren’t able to make it, no worries — the recording is now available here. Please feel free to share this with your colleagues who are interested [...]
When Maven Repository Managers (MRM) first appeared on developers’ radar, everyone using them immediately saw the benefits. Right off the bat, MRMs replaced cobbled-together solutions like shared drives or local Maven repositories copied and exposed via HTTP. Since its release four years ago, Sonatype Nexus has grown to support many repository formats. And most [...]