
Sonatype Blog

11,000 voices…

Tue, 09/16/2014 - 20:33
This week, I will be attending AppSec USA in Denver with the rest of our Sonatype crew. While it will be my first time attending the event, I am really excited to be leading a panel discussion at the event this Thursday. If you will be at the event, please come by the session or the Sonatype booth...

To read more, visit our blog at blog.sonatype.com.
Categories: Companies

It’s Time for Full Open Source Disclosure…

Fri, 09/12/2014 - 15:31
We are not the first industry to face this challenge. But many are convinced our problem is much smaller than it really is or that it does not exist. They simply ignore it. Or choose to do nothing about it. Meanwhile, the problem is multiplying like rabbits. The challenge lies within our...


Gartner Goes Development-Centric

Thu, 09/11/2014 - 16:38
Recently, Gartner published a new research report that says by 2016, “the vast majority of mainstream IT organizations will leverage nontrivial elements of open source software (directly or indirectly) in mission-critical IT solutions. However, most will fail to effectively manage these assets in...


Nexus 3.0 Technology Preview (Milestone 1 Release)

Thu, 09/04/2014 - 17:15
The Nexus development team at Sonatype is pleased to announce the release of the first milestone build (M1) of Nexus 3. This release is a technology preview covering the open source version, Nexus OSS, focused specifically on the new user interface. Nexus Pro will be covered in the upcoming M2...


Integrating with SonarQube

Wed, 08/27/2014 - 22:26
Customers using CLM want to surface known security vulnerabilities and license risk in the same place developers or executives already go to assess the overall quality of their application. To support this growing interest from our customers, we are introducing our next important milestone:...


Never a More Interesting Time

Tue, 08/26/2014 - 15:32
“It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity, it was the season of Light, it was the season of Darkness, it was the spring of hope, it was the winter of despair, we had...


Hear no Evil, See no Evil, Deploy no Evil

Wed, 08/20/2014 - 16:14
I was going to start off listing a series of what I think are easy questions that I reckon everyone in technology should be able to answer even if they are not or have never been involved with writing software. I gave this some serious thought and decided (perhaps a little arbitrarily) that,...


Part 3 – [ ________ ] is the Best Policy

Mon, 08/18/2014 - 18:05
In part 1 and part 2 of the '[ ________ ] is the Best Policy' series, we looked at how open source policies can quite often lead to the wrong type of behavior in an organization. As we saw, 41% of development professionals stated they are generally looking for the path of least resistance when it...


“Wait! Wait! Don’t pwn me!” from Black Hat 2014

Thu, 08/14/2014 - 21:13
At the Black Hat 2014 Conference in Las Vegas, Mark Miller, Community Advocate for Nexus, and Executive Producer of the OWASP 24/7 Podcast Series, presented the third installment of the OWASP security news quiz, “Wait, Wait! Don’t Pwn Me!”. Play along and see how many news...


Part 2 – [ ________ ] is the Best Policy

Wed, 08/13/2014 - 16:28
In Part 1, ‘[ ________ ] is the Best Policy’, we looked at some of the common aspects of an open source policy and discussed how our recent survey discovered that 41% of people think that policies are not enforced. Now in Part 2, we will look at how effective policies are when considering security...


Part 1 – [ ________ ] is the Best Policy

Mon, 08/11/2014 - 17:44
Open source has been around for donkey’s years but until recently the persuasive argument of “many eyeballs” was the guiding policy when using open source. In comes the recent industry shock wave we all know as Heartbleed and now many of us are re-evaluating the cost of free software.


HTTPS Support Launching Now!

Mon, 08/04/2014 - 17:21
It is live! Within an extremely short turnaround time the Sonatype Operations team has coordinated certificates and other setup with our excellent CDN provider Fastly and you can now all enjoy the content of the Central Repository via HTTPS/SSL.


Outnumbered, Again

Wed, 07/30/2014 - 17:36
I remember it clearly. Sitting down for breakfast, I opened the Sydney Morning Herald to see the latest headlines in Australia for the day. As I shuffled through the paper, I finally landed upon the Technology section and then noticed pages and pages of “help wanted” ads.


SSL Connectivity for all Central Repository users Underway

Wed, 07/30/2014 - 12:23
We’ve had quite a bit of public scrutiny recently over how we’ve chosen to provide SSL access to Central for the last two years. At Sonatype, we have a history of investments in the Maven Central community, all of which are focused on improving the quality of the contents, increasing reliability...


Two AppSec Questions Always Asked

Thu, 07/24/2014 - 19:26
While Repository Health Checks are valuable, we just released something even better: the CLM 1.11 Dashboard. First of all, it helps you answer the first two critical open source vulnerability questions: did we ever use that and where is it? And, you can find out the answers to those questions in...


Part 2: The Internet of Everything: Code, Cars, and More

Thu, 07/24/2014 - 16:18
In part one of my blog, It's Just the Way Software is Made, I discussed the realities of how software is made, the birth of agile development, and the advent of component-based software development. Today, we will drive down the software supply chain to understand where your software has really...
