Tag Archives: clm

Announcing CLM 1.5: New release simplifies policy management

July 11, 2013 By Derek Weeks

At its core, Sonatype CLM uses policies to manage component usage. Policies provide automated guidance and enforcement throughout the software lifecycle, allowing for direct, stage-appropriate actions. For example, developers can be warned early in the IDE with little consequence, while applications that are ready to be released can be failed to protect production systems. Since policy actions […]


See the Great Battle of Security and Speed at the Gartner Security & Risk Management Summit

June 6, 2013 By Emily Blades

Once upon a time… there was a great battle between Speed and Security. Development wanted to go fast, but security wanted to slow down and be safe. Sound familiar? Modern applications are no longer written entirely from scratch using custom code; they are assembled from open source components using a relatively small amount of custom code […]


Is it time for a Nexus Repository Health Check? Come to the Nexus Office Hours to get your Diagnosis.

May 27, 2013 By Jessica Dodson

If your repository contained a jar file with a known vulnerability, how would you know? What would it mean to you to have that sort of visibility into your repository health? This probably isn’t something you consider often, since one of the benefits of having a repository manager is enforcing component standards. But as you […]


New Webinar: No Way! Security & Compliance Can Speed Development

May 13, 2013 By Emily Blades

Date: Tuesday, May 7, 2013, 11:00AM-11:45AM EDT (GMT-0400)

The business expects more! You have turned to agile development practices and components to deliver. You’re not alone… research shows 80% of modern applications consist of components, many of them open source. On the flip side, 57% of organizations aren’t managing components effectively. Enter security and compliance; once […]


Application Security, Not so Black & White

May 8, 2013 By Ryan Berg

I’m glad to see that Simon Phipps, independent open source consultant and a director of the Open Source Initiative, promotes the need to manage components effectively. In his recent InfoWorld article he notes: “Cyber security is on the national political agenda, but do we really understand what it takes to be secure? Now that enterprise […]


“I want to write really insecure code today”

May 7, 2013 By Derek Weeks

This is the last in my series of blog posts on my favorite quotes from the Security at the Speed of Development webinar with Wendy Nather, Research Director, Security for 451 Research and Ryan Berg, Sonatype CSO. When asked how organizations can hire good security talent in today’s competitive marketplace, Wendy noted: “Some of the best app security people that […]


“Personally, I have always been a fan of bribery”

May 6, 2013 By Derek Weeks

Here is another post on my favorite quotes from the Security at the Speed of Development webinar with Wendy Nather, Research Director, Security for 451 Research and Ryan Berg, Sonatype CSO. When asked about how the security team can effectively collaborate with the development organization, Wendy (with tongue in cheek) responded: “Personally I have always been a fan of bribery. […]


“They wait until the software flaw trends on Twitter”

May 3, 2013 By Derek Weeks

Here is another post on my favorite quotes from the Security at the Speed of Development webinar with Wendy Nather, Research Director, Security for 451 Research and Ryan Berg, Sonatype CSO. Wendy was talking about how inertia makes it difficult to justify fixing security flaws later in the development lifecycle: “Management will want to wait until there is […]


“Good luck getting Mike to fix big security flaws.”

May 1, 2013 By Derek Weeks

I’m writing several posts using my favorite quotes from the recent Security at the Speed of Development webinar with Wendy Nather, Research Director, Security for 451 Research and Ryan Berg, Sonatype CSO. In this first post, Wendy was talking about the need to integrate security in from the beginning… “The best place to set security standards […]
