An Open Discussion on Open Source Review Boards

By Derek Weeks on March 17, 2014 Sonatype Says

1 minute read time

The recent FS-ISAC whitepaper, “Appropriate Software Security Control Types for Third Party Service and Product Providers”, reveals the majority of internal software applications created by financial


Secure From the Start: Combining Open Source Policies, Practice & Tools

By Derek Weeks on February 26, 2014 CISO

3 minute read time

In short, open source security can't be an after thought. Security isn't only the responsibility of 'security professionals' but instead a shared responsibility for all parties involved in developing