Tag Archives: open source

SeaMonkey 2.10 Released, Closes Security Holes


June 7, 2012 By The Vigilant Application Owner

H Security – (International) SeaMonkey 2.10 released, closes security holes. Mozilla’s SeaMonkey Project announced the release of version 2.10 of its open source “all-in-one Internet application suite.” The new version of SeaMonkey closes seven security holes, four of which are rated as critical. These include a buffer overflow and use-after-free issues, as well as a […]


Apache Details OpenOffice 3.4 Security Fixes


May 17, 2012 By The Vigilant Application Owner

H Security – (International) Apache details OpenOffice 3.4 security fixes. Following the release of Apache OpenOffice 3.4.0 the week of May 7, the Apache Software Foundation (ASF) detailed the security fixes included in the new version of the open source productivity suite. According to the ASF, the first stable release of OpenOffice under its governance […]


How does Insight handle conflicting OSS licenses?


May 16, 2012 By Mike Hansen

As we’ve been busy building out the Insight product line, we’ve spent significant time considering the issues associated with “conflicting” and “invalid” licenses — licenses which, upon consumption, preclude further redistribution without being in violation of the licensing terms. Conflicting (or incompatible) licenses are problematic for development organizations using open source software as there is […]


Last Chance To Register! Webinar: Why We Need To Care About OSS Security Now


April 11, 2012 By Emily Blades

Join Jason van Zyl for 30 minutes tomorrow, April 12 at 11:00AM EDT (GMT-0400), when he will share findings from an independent and comprehensive security review of the 31 most commonly used open source components. Jason will also share his thoughts on how we can build a healthier open source ecosystem. If you register, you’ll […]


Wayne Jackson’s Presentation at RSA 2012: An Overview of Insight


April 2, 2012 By Tim O'Brien

At RSA 2012, Wayne Jackson gave a short presentation focused on the security aspects of Sonatype Insight and the newly released Repository Health Check in Nexus Professional. This five-minute overview gives you a sense of the magnitude of the problem we are trying to solve. Here are some of the highlights from Wayne’s presentation […]


We’re a Java shop, we’re not going to get hacked…


March 27, 2012 By Tim O'Brien

This article is another in a series of articles associated with our Executive Brief. To access the executive brief, “Addressing Security Concerns in Open-Source Components,” visit www.sonatype.com/securitybrief. You can follow the conversation on Twitter using the hashtag #OSSsecurity. I just wanted to reiterate the key point of yesterday’s security brief which is: “You and everyone […]


Today’s Security Brief: Application security is widely neglected (by some surprising companies)


March 26, 2012 By Tim O'Brien

Today we published a paper with Aspect Security, and it’s a shocking look at how few people are paying attention to application security. If you consume dependencies from the Central Repository and you don’t want to get hacked, I’d suggest reading the report and understanding some of the challenges. I’d also check out some of […]
