
Sonatype Blog

Bash 2014 – This Is Not a Party

Thu, 09/25/2014 - 22:58
I can honestly say that although referred to by the media as Shellshocked, I am neither shocked nor awed. I can’t say that I am a fan of the latest glorification of bugs like Heartbleed and Shellshock in a fashion similar to tropical storms, but if it gets more people to pay attention to the...

To read more, visit our blog at blog.sonatype.com.
Categories: Companies

What Happened Sept 16th?

Tue, 09/23/2014 - 17:15
We led an invasion last week armed with a flying drone, glowing lightsabers, and the latest knowledge on open source security vulnerabilities. Our mission? Lead, share, educate, moderate, and have some fun. Our coordinates? This year’s AppSecUSA 2014 event in Denver, Colorado. If you were...


Skeleton Key

Fri, 09/19/2014 - 18:14
A skeleton key is capable of opening any lock regardless of make or type. Do you know anyone who has one? I do. Lots of them. At the HP Protect conference last week in Washington DC, the theme of their conference was “think like a bad guy”. They introduced us to known hackers, their approaches to...


11,000 Voices

Tue, 09/16/2014 - 20:33
This week, I will be attending AppSec USA in Denver with the rest of our Sonatype crew. While it will be my first time attending the event, I am really excited to be leading a panel discussion at the event this Thursday. If you will be at the event, please come by the session or the Sonatype booth...


Time for Full Open Source Disclosure

Fri, 09/12/2014 - 15:31
We are not the first industry to face this challenge. But many are convinced our problem is much smaller than it really is or that it does not exist. They simply ignore it. Or choose to do nothing about it. Meanwhile, the problem is multiplying like rabbits. The challenge lies within our...


Gartner Goes Development-Centric

Thu, 09/11/2014 - 16:38
Recently, Gartner published a new research report that says by 2016, “the vast majority of mainstream IT organizations will leverage nontrivial elements of open source software (directly or indirectly) in mission-critical IT solutions. However, most will fail to effectively manage these assets in...


Nexus 3.0 Technology Preview (Milestone 1 Release)

Thu, 09/04/2014 - 17:15
The Nexus development team at Sonatype is pleased to announce the release of the first milestone build (M1) of Nexus 3. This release is a technology preview covering the open source version, Nexus OSS, focused specifically on the new user interface. Nexus Pro will be covered in the upcoming M2...


Integrating with SonarQube

Wed, 08/27/2014 - 22:26
Customers using CLM want to surface known security vulnerabilities and license risk in the same place developers or executives already go to assess the overall quality of their application. To support this growing interest from our customers, we are introducing our next important milestone:...


Never a More Interesting Time

Tue, 08/26/2014 - 15:32
“It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity, it was the season of Light, it was the season of Darkness, it was the spring of hope, it was the winter of despair, we had...


Hear no Evil, See no Evil, Deploy no Evil

Wed, 08/20/2014 - 16:14
I was going to start off listing a series of what I think are easy questions that I reckon everyone in technology should be able to answer even if they are not or have never been involved with writing software. I gave this some serious thought and decided (perhaps a little arbitrarily) that,...


Part 3 – [ ________ ] is the Best Policy

Mon, 08/18/2014 - 18:05
In part 1 and part 2 of the '[ ________ ] is the Best Policy' series, we looked at how open source policies can quite often lead to the wrong type of behavior in an organization. As we saw, 41% of development professionals stated they are generally looking for the path of least resistance when it...


“Wait! Wait! Don’t pwn me!” from Black Hat 2014

Thu, 08/14/2014 - 21:13
At the Black Hat 2014 Conference in Las Vegas, Mark Miller, Community Advocate for Nexus, and Executive Producer of the OWASP 24/7 Podcast Series, presented the third installment of the OWASP security news quiz, “Wait, Wait! Don’t Pwn Me!”. Play along and see how many news...


Part 2 – [ ________ ] is the Best Policy

Wed, 08/13/2014 - 16:28
In Part 1, ‘[ ________ ] is the Best Policy’, we looked at some of the common aspects of an open source policy and discussed how our recent survey discovered that 41% of people think that policies are not enforced. Now in Part 2, we will look at how effective policies are when considering security...


Part 1 – [ ________ ] is the Best Policy

Mon, 08/11/2014 - 17:44
Open source has been around for donkey’s years but until recently the persuasive argument of “many eyeballs” was the guiding policy when using open source. In comes the recent industry shock wave we all know as Heartbleed and now many of us are re-evaluating the cost of free software.


HTTPS Support Launching Now!

Mon, 08/04/2014 - 17:21
It is live! Within an extremely short turnaround time the Sonatype Operations team has coordinated certificates and other setup with our excellent CDN provider Fastly and you can now all enjoy the content of the Central Repository via HTTPS/SSL.
