Tag Archives: open source

We’re bringing sexy back, Sonatype hits the catwalk


June 24, 2014 By
Derek Weeks
Open Source, New Sexy?

Enthusiasm for securing the software supply chain is growing in both conversation and practice. For the past year, Sonatype has called for a new approach to securing the software supply chain that gives organizations an opportunity to protect their business and their applications from hacker exploits — taking a frictionless approach built into the supply chain and software development lifecycle, as opposed to bolt-on solutions looking for vulnerabilities later in the development process.

Continue reading...

5 Things You Need to Know About Open Source Components


June 4, 2014 By
Mark Miller
Component Vulnerability Stats

You can’t get away from it. Thousands of open source components are being used in every industry, every day, to quickly build and deploy applications. For those not in the security industry, it’s hard to keep track of what is being done in this field to manage and monitor open source usage. This article is the first in a series where we will talk about open source in layman terms, identify how prevalent open source is in the modern development environment and how teams are approaching the management of such a multi-headed hydra.

Continue reading...

Part 2: How Your Software Is Like a Car – A Closer Look at Today’s Software Supply Chain


April 30, 2014 By
Wayne Jackson
Bill of Materials

In part one of my blog, It’s Just the Way Software is Made, I discussed the realities of how software is made, the birth of agile development, and the advent of component-based software development. Today, we will drive down the software supply chain to understand where your software has really coming from. I’ll also discuss why it’s important for us to instill high quality standards and governance policies in our “parts” ecosystem.

Continue reading...

Part 1: How Your Software Is Like a Car – It’s Just the Way Software is Made


April 17, 2014 By
Wayne Jackson
Automobile Supply Chain

Just like automobile manufacturers, software “manufacturers” need to apply supply chain management principles for both efficiency and quality. They need to be prepared to conduct a rapid and comprehensive “recall” when a defect is found. And today’s modern development practices make this, well, challenging to say the least.

Continue reading...

Code Snippet Scanning: Is it Really Needed Anymore?


April 4, 2014 By
Brian Fox
Code Snippet

Code snippet scanning is a common question we get from prospects. We typically try to dig at why the prospect actually thinks they need snippet matching. We think this comes from mis-informed demand. To create conversation with the masses on this topic, I’ve shared my perspective so you have a complete picture of the risk and cost of code snippet scanning.

Continue reading...

2014 Open Source Development Survey: Making Results Matter


April 1, 2014 By
Derek Weeks
mindstorm

Want to win a programmable LEGO robot? Share your voice in this year’s survey. The real intent of the Open Source Development Survey is to SPARK DISCUSSION. Remember, it’s not the stats that count…it’s the value of the discussions that follow that make this survey so important. So take 5 minutes and take the survey. (it takes less than 5 minutes, we promise)

Continue reading...

A Home for the Central Repository


March 20, 2014 By
Manfred Moser
The Central Repository

Since its inception in 2002, the Central Repository has grown to be the largest component repository of Java and other JVM, Android, related components and beyond. It is the default repository for Apache Maven, sbt and Leiningen, and it can easily be used from Gradle, Apache Ivy and others. The Central Repository has become the […]

Continue reading...

An Open Discussion on Open Source Review Boards


March 17, 2014 By
Derek Weeks
Bruce Mayhew on Open Source Review Boards

The recent FS-ISAC whitepaper, “Appropriate Software Security Control Types for Third Party Service and Product Providers”, reveals the majority of internal software applications created by financial services involve acquiring open source components and libraries to augment custom developed software. While open source code is freely available and reviewed by many independent developers, that review effort does not translate into all software components and libraries being free from risk.

Continue reading...

Financial Services Organizations have Open Eyes on Open Source


February 20, 2014 By
Derek Weeks
Open Eyes on Open Source

Let me open your eyes to a tidal wave of change that has already flooded the development organizations across Financial Services and other industries: “Software applications are no longer coded from scratch. They are assembled from building blocks — commonly known as open source components.” This is not a prediction about a tidal wave to […]

Continue reading...