Sonatype Blog

Never a More Interesting Time….

Tue, 08/26/2014 - 15:32
“It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity, it was the season of Light, it was the season of Darkness, it was the spring of hope, it was the winter of despair, we had...

To read more, visit our blog at blog.sonatype.com.
Categories: Companies

Hear no Evil, See no Evil, Deploy no Evil

Wed, 08/20/2014 - 16:14
I was going to start off listing a series of what I think are easy questions that I reckon everyone in technology should be able to answer even if they are not or have never been involved with writing software. I gave this some serious thought and decided (perhaps a little arbitrarily) that,...


Part 3 – [ ________ ] is the Best Policy

Mon, 08/18/2014 - 18:05
In part 1 and part 2 of the '[ ________ ] is the Best Policy' series, we looked at how open source policies can quite often lead to the wrong type of behavior in an organization. As we saw, 41% of development professionals stated they are generally looking for the path of least resistance when it...


“Wait! Wait! Don’t pwn me!” from Black Hat 2014

Thu, 08/14/2014 - 21:13
At the Black Hat 2014 Conference in Las Vegas, Mark Miller, Community Advocate for Nexus, and Executive Producer of the OWASP 24/7 Podcast Series, presented the third installment of the OWASP security news quiz, “Wait, Wait! Don’t Pwn Me!”. Play along and see how many news...


Part 2 – [ ________ ] is the Best Policy

Wed, 08/13/2014 - 16:28
In Part 1, ‘[ ________ ] is the Best Policy’, we looked at some of the common aspects of an open source policy and discussed how our recent survey discovered that 41% of people think that policies are not enforced. Now in Part 2, we will look at how effective policies are when considering security...


Part 1 – [ ________ ] is the Best Policy

Mon, 08/11/2014 - 17:44
Open source has been around for donkey’s years but until recently the persuasive argument of “many eyeballs” was the guiding policy when using open source. In comes the recent industry shock wave we all know as Heartbleed and now many of us are re-evaluating the cost of free software.


HTTPS Support Launching Now!

Mon, 08/04/2014 - 17:21
It is live! Within an extremely short turnaround time the Sonatype Operations team has coordinated certificates and other setup with our excellent CDN provider Fastly and you can now all enjoy the content of the Central Repository via HTTPS/SSL.


Outnumbered, Again

Wed, 07/30/2014 - 17:36
I remember it clearly. Sitting down for breakfast, I opened the Sydney Morning Herald to see the latest headlines in Australia for the day. As I shuffled through the paper, I finally landed upon the Technology section and then noticed pages and pages of “help wanted” ads.


SSL Connectivity for all Central Repository users Underway

Wed, 07/30/2014 - 12:23
We’ve had quite a bit of public scrutiny recently over how we’ve chosen to provide SSL access to Central for the last two years. At Sonatype, we have a history of investments in the Maven Central community, all of which are focused on improving the quality of the contents, increasing reliability...


Two AppSec Questions Always Asked

Thu, 07/24/2014 - 19:26
While Repository Health Checks are valuable, we just released something even better: the CLM 1.11 Dashboard. First of all, it helps you answer the first two critical open source vulnerability questions: did we ever use that and where is it? And, you can find out the answers to those questions in...


Part 2: The Internet of Everything: Code, Cars, and More

Thu, 07/24/2014 - 16:18
In part one of my blog, It's Just the Way Software is Made, I discussed the realities of how software is made, the birth of agile development, and the advent of component-based software development. Today, we will drive down the software supply chain to understand where your software has really...


Trusting Third-Party Code That Can’t Be Trusted

Tue, 07/22/2014 - 23:05
Paul Roberts (@paulfroberts) at InfoWorld recently shared his perspective on “5 big security mistakes coders make”. First on his list was trusting third-party code that can’t be trusted. Paul shares: “If you program for a living, you rarely -- if ever -- build an app from scratch. It's much more...


Part 3: The Internet of Everything: Code, Cars, and More

Tue, 07/22/2014 - 00:14
In part two of my blog 'A Closer Look at Today's Software Supply Chain', I discussed why human-speed supply chain management can’t keep pace with today’s agile software development practices and why high quality software components are not simply a given. In this final segment, I will share a real...


Are You Choosing the “Right” Component?

Thu, 07/17/2014 - 21:37
In our recent open source developer survey we asked, what are the TOP FOUR characteristics considered when selecting a component? And since components are the building blocks used when creating an application, selecting the right one is an important choice. Not surprisingly, the most important...


Part 1: The Internet of Everything: Code, Cars, and More

Thu, 07/17/2014 - 18:07
Just like automobile manufacturers, software “manufacturers” need to apply supply chain management principles for both efficiency and quality. They need to be prepared to conduct a rapid and comprehensive “recall” when a defect is found. And today’s modern development practices make this, well,...


Stewing Over Software Ingredients

Tue, 07/15/2014 - 20:21
Just the other day I was planning dinner for my family and thought it would be a great idea to bust out the Dutch oven I had to have, but rarely use, and make a nice stew. I ran to the grocery store to grab some fresh carrots, turnips, onions, a couple of Yukon Gold potatoes, and some fresh chicken...


The Atlassian Story with guest Tim Pettersen on Nexus Live

Fri, 07/11/2014 - 17:56
Developers around the world are using BitBucket, Stash, Confluence, Jira and HipChat to help manage their projects. In the July 31 installment of Nexus Live, we’ll talk with Tim Pettersen, Developer Advocate at Atlassian. We’ll find out what’s in store for future releases and how...


Lessons of Youth: A License to Use

Fri, 07/11/2014 - 16:03
I can still recall (it actually pains me to count the years, so I refuse to) with perfect clarity the sound of my 1200 baud modem handshaking with my neighborhood’s local BBS. It’s a sound that so consistently produces a smile for me, I liken it to the crisp smell of air just before rain begins to...


Open source components, a fine vintage or sour milk?

Tue, 07/08/2014 - 23:06
The U.S. recently overtook France as the world’s largest wine market. And here at Sonatype, we can proudly say we’ve contributed to this achievement, not only by consuming our fair share of wine but also by being involved -- outside of work -- in crafting our own wines. Over the 4th of July...


Securosis Dives Deep into our 2014 Survey

Wed, 07/02/2014 - 21:26
There are two ways to motivate others to action: emotional appeal and fact based analysis. Our 2014 Open Source and Application Security survey results touched on both. We've run this survey for the past four years, but this time we decided to reveal the results in a new way. Rather than let our...
