Applications are becoming the primary security threat vector. Since applications are constructed from third-party components, there continues to be a tremendous amount of industry effort and impetus behind managing open source components effectively. And now we can add the Financial Services / Information Sharing and Analysis Center (FS-ISAC) to the list.
At the Nexus Live event, John Nagro and Tom McLaughlin from HubSpot detailed how they are using Nexus as a repository for their development and release components. They found that they need to be able to quickly create another virtual machine as part of their build infrastructure to react to changes in datacenter locations and other parameters.
CONTROL, ENFORCEMENT, APPROVALS, POLICIES. These concepts run counter to fast, agile-based development. These words make developers cringe; they are “four-letter words”. Could it be that the problem with these concepts is not what they are trying to accomplish, but how they are implemented? They are intended to ensure that the applications developers create are trusted, […]
We constantly receive inquiries about how organizations can get the most out of their repository manager. We thought it would be good to address this topic in a series of webinars. While preparing for the webinars, we looked at problems that afflict organizations that aren’t using a repository manager. Developers waste time downloading a massive […]
We are pleased to announce the availability of Sonatype 1.6. This release is focused on policy hierarchy and inheritance support and includes a revamped user experience. The development team has also added a number of new quick start guides including one that provides guidance on policy management. Jeff Wayman does a great job of describing […]
At its core, Sonatype CLM uses policies to manage component usage. Policies provide automated guidance and enforcement throughout the software lifecycle, allowing for direct, stage-appropriate actions. For example, developers can be warned early in the IDE with little consequence, while applications that are ready for release can be failed to protect production systems. Since policy actions […]
Once upon a time… there was a great battle between Speed and Security. Development wanted to go fast, but security wanted to slow down and be safe. Sound familiar? Modern applications are no longer written entirely from scratch using custom code; they are assembled from open source components using a relatively small amount of custom code […]
If your repository contained a jar file with a known vulnerability, how would you know? What would it mean to you to have that sort of visibility into your repository health? This probably isn’t something you consider often, since one of the benefits of having a repository manager is enforcing component standards. But as you […]
Date: Tuesday, May 7, 2013, 11:00AM-11:45AM EDT (GMT-0400). The business expects more! You have turned to agile development practices and components to deliver. You’re not alone: research shows 80% of modern applications consist of components, many of them open source. On the flip side, 57% of organizations aren’t managing components effectively. Enter security and compliance; once […]
I’m glad to see that Simon Phipps, independent open source consultant and a director of the Open Source Initiative, promotes the need to manage components effectively. In his recent InfoWorld article he notes: “Cyber security is on the national political agenda, but do we really understand what it takes to be secure? Now that enterprise […]