Tag Archives: open source

How a Software Bill of Materials Uncovers Known Vulnerabilities


April 30, 2015 By
Derek Weeks
iStock_000001171649Small

In two minutes, we can show you a full software bill of materials for your application.  We can also identify any known vulnerabilities in the open source and third-party components within your Java application.  Oh, and by the way, it’s free. That’s right, at Sonatype, we could not be more in favor of the code […]

Continue reading...

Nexus 3: New Milestone Release


February 12, 2015 By
Jeff Wayman
Nexus_Milestone

There are those of us that like to stay on the cutting edge of technology, fiddling with the latest and greatest, even if it means the experience might be a little rough around the edges. Yes, that might mean suffering through a bunch of issues despite a warning not to install Mavericks on our main […]

Continue reading...

Rubyists Rejoice – Nexus Supports RubyGem Repositories


December 2, 2014 By
Brian Fox
Very high resolution 3d rendering of a ruby isolated over white.

We have done it again! Our Nexus development team has been busy this fall.  With Nexus 2.9 in September, we introduced NuGet support for Nexus Open Source.  In October Nexus 2.10 introduced npm support for all Nexus editions.  And now with Nexus 2.11, we are adding Ruby Gem Repository support! We are happy to announce […]

Continue reading...

How Big is a Billion? Open Source Growth Skyrockets


November 10, 2014 By
Derek Weeks
iStock_000021230321Small

How Big is a Billion? We all remember 1997’s Austin Powers movie with Dr. Evil trying to express a really big number: Dr. Evil: Mr. President, after I destroy Washington D.C… I will destroy another major city every hour on the hour. That is, unless, of course, you pay me… one hundred billion dollars. The […]

Continue reading...

Nigel’s Wake-up Call: Scaling Open Source Governance


November 3, 2014 By
Derek Weeks
Portrait of a surprised young man wearing eyeglasses

The Wake-up Call They had downloaded over 200,000 open source components in the past year.  And their open source policy…the one established to protect against license risks and security vulnerabilities?  It covered about 3% of them. This is how Nigel Simpson, Director of Architecture at a major media and entertainment company, described his organization’s “huge” […]

Continue reading...

Who is Nigel Simpson? (Lessons of Open Source Governance)


October 28, 2014 By
Derek Weeks
iStock_000032990414Small

If you are in the midst of creating (or even planning to implement) an Open Source Governance Policy for your organization, then you’ll want to get to know Nigel Simpson. Nigel has been leading an enterprise-wide working group with over 40 members — at a really big entertainment and media company — to define his […]

Continue reading...

Bash 2014 – This Is Not a Party


September 25, 2014 By
Derek Weeks
Hipsters blowing confetti

I can honestly say that although referred to by the media as Shellshocked, I am neither shocked nor awed. I can’t say that I am a fan of the latest glorification of bugs like Heartbleed and Shellshock in a fashion similar to tropical storms, but if it gets more people to pay attention to the exponential growth of our reliance on software I can’t say I am too worked up about it either. One thing that is unarguable is that this just happens to be the latest (and if you are reading this before you have patched stop right now, patch, and then come back to finish).

Continue reading...

What Happened Sept 16th?


September 23, 2014 By
Derek Weeks
OWASP Board

We led an invasion last week armed with a flying drone, glowing lightsabers, and the latest knowledge on open source security vulnerabilities. Our mission? Lead, share, educate, moderate, and have some fun. Our coordinates? This year’s AppSecUSA 2014 event in Denver, Colorado. If you were there, you couldn’t miss us. If you weren’t there, don’t fret…they caught the entire thing on video.

Continue reading...

Hear no Evil, See no Evil, Deploy no Evil


August 20, 2014 By
David Jones
Software development concept in tag cloud on white background

I was going to start off listing a series of what I think are easy questions that I reckon everyone in technology should be able to answer even if they are not or have never been involved with writing software. I gave this some serious thought and decided (perhaps a little arbitrarily) that, actually, I’m really only interested in one single question for now and that is ‘should software be tested’?

Continue reading...