<iframe src="//www.googletagmanager.com/ns.html?id=GTM-TT8R4P" height="0" width="0" style="display:none;visibility:hidden">

Sonatype Blog

Stay updated on the latest news from the makers of Nexus

Who is Nigel Simpson? (Lessons of Open Source Governance)

If you are in the midst of creating (or even planning to implement) an Open Source Governance Policy for your organization, then you’ll want to get to know Nigel Simpson.

Skeleton Key

A skeleton key is capable of opening any lock regardless of make or type. Do you know anyone who has one? I do. Lots of them.

Time for Full Open Source Disclosure

We are not the first industry to face this challenge. But many are convinced our problem is much smaller than it really is or that it does not exist. They simply ignore it. Or choose to do nothing about it. Meanwhile, the problem is multiplying like rabbits.

Gartner Goes Development-Centric

Recently, Gartner published a new research report that says by 2016, “the vast majority of mainstream IT organizations will leverage nontrivial elements of open source software (directly or indirectly) in mission- critical IT solutions. However, most will fail to effectively manage these assets in a manner that minimizes risk and maximizes ROI.”

Integrating with SonarQube

Many development organizations we work with have turned to SonarQube as a dashboard to visualize and measure their code quality.

Never a More Interesting Time

“It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity…”, penned Charles Dickens in 1859’s A Tale of Two Cities.

"Wait! Wait! Don't pwn me!" from Black Hat 2014

At the Black Hat 2014 Conference in Las Vegas, Mark Miller, Community Advocate for Nexus, and Executive Producer of the OWASP 24/7 Podcast Series, presented the third installment of the OWASP security news quizz, "Wait, Wait! Don't Pwn Me!". Play along and see how many news stories you can identify for the month of August 2014.