
Sonatype Blog

Stay updated on the latest news from the makers of Nexus

Vor Security brings OSS Index to Sonatype

Our data research team is always on the lookout for ways to expand Nexus Lifecycle’s coverage with new sources and feeds of data. A little under a year ago, we stumbled across OSS Index.net.

Heartbleed: The Open Source Vulnerability that Keeps on Giving (and Taking)

Disclosed in April 2014, Heartbleed is the vulnerability gift that keeps on giving to some -- and taking away from others. The latest example of this dynamic surfaced today when the ICO, the UK's data regulator, levied a £100,000 fine against the Gloucester City Council for poor hygiene which resulted in the theft of employees' personal information.

We're a Java shop, we're not going to get hacked...

This article is another in a series of articles associated with our Executive Brief. To access the executive brief, “Addressing Security Concerns in Open-Source Components,” visit www.sonatype.com/securitybrief. You can follow the conversation on Twitter using the hashtag #OSSsecurity.

Today's Security Brief: Application security is widely neglected (by some surprising companies)

Today we published a paper with Aspect Security, and it's a shocking look at how few people are paying attention to application security. If you consume dependencies from the Central Repository and you don't want to get hacked, I'd suggest reading the report and understanding some of the challenges. I'd also check out some of these statistics. Here are three that jumped out at me: