As someone who has been through the process of supporting litigation, I want to share my experience so that you understand what could happen when your organization incorporates OSS components under the wrong license or deals with code of questionable provenance. I’m writing this blog entry to convey the experience of being a developer who has to support litigation – it isn’t fun or productive, and it is usually something that is completely avoidable.
Sonatype makes it easy to add your projects to the Central Repository with a free, public hosting service called OSSRH. We first blogged about this back in 2009, but given the growth in the community, we thought some of you may not have seen that post, so we decided to update it.
We want to thank everyone that attended the webinar on Thursday, October 6 titled Open Source Goodness – Potential Risks = Insight. Unfortunately we didn’t have time to answer all the great questions during the event, so we’ve answered them here for everyone’s benefit. If you missed the webinar, you can register to view a replay here.
Bouncy Castle. Do those words mean anything to you? If you are a Java developer, you might know that Bouncy Castle is an encryption library often used to generate secure hash codes and encrypt data. In other words, it is a silly project name for a serious purpose. Did you know that old, released versions of Bouncy Castle have known security vulnerabilities? I’m not writing this to cast a shadow of doubt on the project. Bouncy Castle is an awesome open source library, as are the Spring framework, Commons HttpClient, Tomcat, and Jetty. What Bouncy Castle has in common with all of these other open source components is that old versions of each project have known security vulnerabilities.
There’s a good chance that you might not be focused on this problem. You might not be constantly evaluating your project’s dependencies to analyze the risks.
Sonatype Insight™ helps development organizations gain better visibility and control over their use of open source components. With Insight, you’ll use open source freely while avoiding quality, security, or licensing issues. Insight was designed with developers in mind — it’s about productivity and quality, not bureaucracy and rework.
Attend our webinar on Thursday, October 6th at 10:30AM EDT (GMT-0400) to see how Insight:
- Helps you manage component quality, security, and licensing
- Integrates with your tools and processes
- Monitors your applications so you’ll know when a new defect is discovered
Take 30 minutes and learn how you can build better software faster while avoiding unnecessary risks.
All registrants will receive access to the recording after the event so if something comes up and you can’t make it, you won’t be missing out.