Tips and Tricks with Nexus Professional and CLM

The TheNexus Community “Members Only” area contains extensive video galleries, including Tips and Tricks with Nexus Professional and CLM by Brian Fox. Here’s an example from the Tips and Tricks series, “How CLM Makes NVD Data More Useful”. Join the community to gain immediate access to the complete “Nexus Live” series.

From Brian Fox

Part of the curation that we do when we get the vulnerability is that we trace it down to the root cause as best as we can. Usually, that will trace it down to the affected class files. By tracing it to the class files, we find out which component is broken.

The curation that we do to take these vulnerabilities and apply them specifically to the affected components is really the only way to make this information actionable from a developer’s standpoint. There’s an impedance mismatch between the things that get reported in NVD and the things that the developers are actually choosing to use.
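The two paragraphs above describe the problem and the fix in words: an advisory names a product, while a build consumes artifacts by coordinates, and the two often do not line up. The following added example (not code from the video or from Sonatype's products) shows the difference concretely. It builds a constructed dependency set of in-memory JARs, including one bundle that repackages the same classes under a different artifact name, and compares a naive product-name match against a match on the curated list of affected class files. All coordinates, class names and the advisory itself are placeholders constructed for the example.

```python
"""Map advisory data to the components that actually contain the affected code.

Constructed example: the component coordinates, class names and the
advisory are placeholders, not real artifacts or real vulnerabilities.
"""
import io
import zipfile
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    """Maven-style coordinates of one dependency in the build."""
    group: str
    artifact: str
    version: str

    def coordinates(self) -> str:
        return f"{self.group}:{self.artifact}:{self.version}"


def build_jar(class_names) -> bytes:
    """Create an in-memory JAR whose entries stand in for compiled classes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in class_names:
            # Stand-in bytes only (the class-file magic number); no real bytecode.
            zf.writestr(name, b"\xca\xfe\xba\xbe")
    return buf.getvalue()


# Constructed dependency set. example-parser-all repackages the parser's
# classes under a different artifact name, as a "shaded" bundle would.
DEPENDENCIES = {
    Component("com.example", "example-parser", "1.2.3"): build_jar([
        "com/example/parser/XmlParser.class",
        "com/example/parser/Util.class",
    ]),
    Component("com.example", "example-parser-all", "1.2.3"): build_jar([
        "com/example/parser/XmlParser.class",
        "com/example/parser/Util.class",
        "com/example/extra/Helper.class",
    ]),
    Component("com.example", "example-web", "4.0.0"): build_jar([
        "com/example/web/Servlet.class",
    ]),
}

# Constructed advisory, NVD-style: it names a product, not build coordinates.
ADVISORY_PRODUCT = "example-parser"
# What root-cause curation adds: the class files that carry the flaw.
ADVISORY_CLASSES = {"com/example/parser/XmlParser.class"}


def match_by_product_name(deps, product):
    """Naive matching: the artifact name equals the advisory's product name."""
    return {comp for comp in deps if comp.artifact == product}


def index_classes(deps):
    """Map every .class entry to the set of components that ship it."""
    index = {}
    for comp, data in deps.items():
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for entry in zf.namelist():
                if entry.endswith(".class"):
                    index.setdefault(entry, set()).add(comp)
    return index


def match_by_affected_classes(deps, affected_classes):
    """Curated matching: every component that actually ships an affected class."""
    index = index_classes(deps)
    hits = {}
    for cls in affected_classes:
        for comp in index.get(cls, ()):
            hits.setdefault(comp, set()).add(cls)
    return hits


if __name__ == "__main__":
    print("By product name:")
    for comp in sorted(match_by_product_name(DEPENDENCIES, ADVISORY_PRODUCT),
                       key=Component.coordinates):
        print("  ", comp.coordinates())
    print("By affected class files:")
    for comp, classes in match_by_affected_classes(DEPENDENCIES, ADVISORY_CLASSES).items():
        print("  ", comp.coordinates(), sorted(classes))
```

Run stand-alone, the name match reports only `com.example:example-parser:1.2.3`, while the class-file match also reports the repackaged `example-parser-all` bundle, which ships the same affected class but would never be found by matching on the product name. The same indexing approach works on real JARs read from a local repository or a build's classpath, with the curated class list taking the place of `ADVISORY_CLASSES`.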


Brian Fox

Brian is Chief Technical Officer at Sonatype. He has extensive open source experience as a member of the Apache Software Foundation and former Chair of the Apache Maven project. Brian was a direct contributor to the Maven ecosystem, including the maven-dependency-plugin and maven-enforcer-plugin. He has over 15 years of experience driving the vision behind, as well as developing and leading the development of software for organizations ranging from startups to large enterprises. Brian is a frequent speaker at national and regional events including Java User Groups and other development related conferences.