OpEd articles

2016 State of the Software Supply Chain Report

2016 State of the Software Supply Chain Report Released


The 2nd Annual State of the Software Supply Chain Report has been released, containing information on open source download patterns from over 3000 organizations. The report is a Sonatype research project, analyzing data from over 31 billion downloads from the Central Repository and other open source repositories. Listen to the OWASP 24/7 Podcast below to

CEO, Wayne Jackson

Sonatype Closes $30 Million Financing

From Wayne Jackson, CEO, Sonatype. At Sonatype, we know two things are true: Security, quality, and speed are critical to modern software (business) success. The world’s best software starts with the world’s best components. That’s precisely why our Nexus Software Supply Chain Automation solutions automatically and continuously infuse the highest quality components into every aspect


The Latest Victim of Deserialization-Gate

Last week the world was hit with what can be awarded the Vulnerability Of The Day for Java – the commons-collections deserialization vulnerability. The latest victim of the continued series of vulnerabilities comes from the Spring project with an implicating class that allows the same unsafe deserialization vector in the spring-core. What makes this issue particularly

Java Deserialization

Did you wake up to an alert about the Java Deserialization vulnerability?

This week I woke up to find several emails from Nexus Lifecycle indicating that the products in my portfolio were potentially vulnerable due to their inclusion of Apache commons-collection. If you have no idea what I’m talking about, stop now and go read this factual and un-sensationalized account of the situation. I’ll wait. Ok, now

DevOps Days Open Spaces

Remote Open Spaces – Is it Even Possible?

Follow Mark Miller on Twitter: @TSWAlliance. I was talking with Nathen Harvey at DevOpsDays Boston this week and the topic of open space technology meetings came up. We had tried it at the Sonatype Engineering Summit last month and it worked extremely well. As Nathen and I were discussing how effective it was at DevOpsDays Boston,

Author, Manfred Moser

Live from OSCON 2015: Nexus and the Community

I am sitting here in the Community Management Workshop run by Jono Bacon on the first day of OSCON 2015 in Portland. I have been following Jono’s activities since the LUGRadio days, his involvement in Ubuntu and the first edition of the excellent book The Art of Community. Since I attended the Community Leadership Summit a couple

Software Supply Chain Report

2015 State of the Software Supply Chain Report: Released

This morning, the 2015 State of the Software Supply Chain Report was released. This is a fascinating study done by Derek Weeks, analyzing component usage of 106,000 organizations. Some of the research is common knowledge, such as 17B downloads of components per year from the Central Repository, or that Nexus is the 800 pound