Tag Archives: open source

How does Insight handle conflicting OSS licenses?

May 16, 2012 By Mike Hansen

As we’ve been busy building out the Insight product line we’ve spent significant time considering the issues associated with “conflicting” and “invalid” licenses — licenses which upon consumption preclude further redistribution without being in violation of the licensing terms.  Conflicting (or incompatible) licenses are problematic for development organizations using open source software as there is […]


Last Chance To Register! Webinar: Why We Need To Care About OSS Security Now

April 11, 2012 By Emily Blades

Join Jason van Zyl for 30 minutes tomorrow, April 12 at 11:00AM EDT (GMT-0400), when he will share findings from an independent and comprehensive security review of the 31 most commonly used open source components. Jason will also share his thoughts on how we can build a healthier open source ecosystem. If you register, you’ll […]


Wayne Jackson’s Presentation at RSA 2012: An Overview of Insight

April 2, 2012 By Tim O'Brien

At RSA 2012, Wayne Jackson gave a short presentation focused on the security aspects of Sonatype Insight and the newly released Repository Health Check in Nexus Professional. This five minute overview gives you a sense of the magnitude of the problem we are trying to solve. Here are some of the highlights from Wayne’s presentation […]


We’re a Java shop, we’re not going to get hacked…

March 27, 2012 By Tim O'Brien

This article is another in a series of articles associated with our Executive Brief. To access the executive brief, “Addressing Security Concerns in Open-Source Components,” visit www.sonatype.com/securitybrief. You can follow the conversation on Twitter using the hashtag #OSSsecurity. I just wanted to reiterate the key point of yesterday’s security brief which is: “You and everyone […]


Today’s Security Brief: Application security is widely neglected (by some surprising companies)

March 26, 2012 By Tim O'Brien

Today we published a paper with Aspect Security, and it’s a shocking look at how few people are paying attention to application security. If you consume dependencies from the Central Repository and you don’t want to get hacked, I’d suggest reading the report and understanding some of the challenges, I’d also check out some of […]


Study: More Than 50% of Global 500 Use Vulnerable Open Source Components

March 25, 2012 By The Vigilant Application Owner

March 25, ZDNet – (International) Study: More than 50% of Global 500 use vulnerable open source components. According to a joint research report issued March 25 by Sonatype and Aspect Security, more than 50 percent of the world’s largest corporations have open source applications with security vulnerabilities. That is because more than 80 percent of […]
