Tag Archives: open source

We’re a Java shop, we’re not going to get hacked…


March 27, 2012 By Tim O'Brien

This article is another in a series of articles associated with our Executive Brief. To access the executive brief, “Addressing Security Concerns in Open-Source Components,” visit www.sonatype.com/securitybrief. You can follow the conversation on Twitter using the hashtag #OSSsecurity. I just wanted to reiterate the key point of yesterday’s security brief which is: “You and everyone […]


Today’s Security Brief: Application security is widely neglected (by some surprising companies)


March 26, 2012 By Tim O'Brien

Today we published a paper with Aspect Security, and it’s a shocking look at how few people are paying attention to application security. If you consume dependencies from the Central Repository and you don’t want to get hacked, I’d suggest reading the report and understanding some of the challenges. I’d also check out some of […]


Study: More Than 50% of Global 500 Use Vulnerable Open Source Components


March 25, 2012 By The Vigilant Application Owner

March 25, ZDNet – (International) Study: More than 50% of Global 500 use vulnerable open source components. According to a joint research report issued March 25 by Sonatype and Aspect Security, more than 50 percent of the world’s largest corporations have open source applications with security vulnerabilities. That is because more than 80 percent of […]


The Results Are In: Sonatype 2012 Open Source Development Survey


March 13, 2012 By Charles Gold

I’m pleased to share the results of this year’s Sonatype Open Source Software Development Survey.  We were blown away by the level of participation — more than 2,550 of you took the survey. Thank you to all of you who contributed your thoughts about your tooling, the components you use, and your organizations’ open source […]


How well do you know your open source licensing?


January 9, 2012 By Terry Bernstein

Choosing components with appropriate licenses is critical to ensuring you realize the benefits and avoid the risks when developing with open source components. But, how well do you know your licenses? Can you describe the differences between permissive, weakly protective and copyleft licenses? Do you understand the ramifications of including copyleft licensed components in your […]


Tips for Increasing Open Source Benefits – Tips #1 and #2


October 17, 2011 By Terry Bernstein

With our launch of Insight, we’ve been talking to a lot of customers and prospective customers about effective management of open source-based development. At this point, we’ve heard it all. But some trends have emerged. One thing is clear — virtually everyone wants to use more open source in their development process, but realizes the […]


Publishing Your Artifacts to the Central Repository


October 12, 2011 By Brian Fox

Sonatype makes it easy to add your projects to the Central Repository with a free, public hosting service called OSSRH. We first blogged about this back in 2009, but given the growth in the community, we thought some of you may not have seen that post, so we decided to update it.
