May 7, 2018 - Thousands of Companies Are Still Downloading the Vulnerability That Wrecked Equifax

When the news emerged that Equifax had succumbed to a colossal data breach from mid-May through July of last year, consumers were livid—in part because the ransacking was entirely preventable. Hackers stole 148 million people’s names, Social Security numbers, birthdates, home addresses, and more sensitive information, as of the major credit bureau’s last count in March, and worse yet, it happened two months after software fixes for the vulnerabilities at fault had been made available.
Business Wire

April 25, 2018 - Three providers of agile code development solutions named IDC Innovators

International Data Corporation (IDC) today published an IDC Innovators report identifying three technology providers that are considered key emerging vendors in the agile code development market. The three companies named as IDC Innovators are CloudBees Inc., GitLab Inc., and Sonatype, Inc.
Fox Business News

April 17, 2018 - Are large enterprises threatened by the data breach that hit Equifax?

Sonatype President Bill Karpovich on concerns other companies are vulnerable to the same cyber attack as Equifax.
Cloudtech

April 17, 2018 - How the evolving security landscape is forcing cloud-based solution providers to respond

The RSA Conference in San Francisco is a hotbed of news, analysis and reports on the security industry, with research from the Cloud Security Alliance (CSA) and automation software provider Sonatype being of particular interest.
HelpnetSecurity

April 17, 2018 - Developers know security matters, but have no time to devote to it

Sonatype polled 2,076 IT professionals to discover practitioner perspectives on evolving DevSecOps practices, shifting investments, and changing perceptions, and the results of the survey showed that breaches related to open source components grew at a staggering 50% since 2017, and 121% since 2014.

April 16, 2018 - Data breaches are catalysts for investment in DevSecOps

Sonatype's survey conveys practitioners' perspectives on the evolution of DevSecOps practices, shifting investments, and changing perceptions. Respondents with mature DevOps practices were 338 percent more likely to integrate automated security than organizations with no DevOps practices in place.

April 16, 2018 - Despite DevOps teams' security efforts, application breaches rise by 50%

A new survey from Sonatype has revealed that DevOps teams are automating security 338 per cent more often as open source breaches jump by 55 per cent. The firm published the findings from its 5th annual DevSecOps Community Survey of 2,076 IT professionals which shared practitioner perspectives on evolving DevSecOps practices, shifting investments and changing perceptions. 

Infosecurity

April 16, 2018 - 100 developers for every security expert: not enough as breaches multiply

Breaches related to open source components in applications have soared by 50% since 2017, according to a new study from Sonatype urging developers to adopt DevSecOps practices.

April 16 - DevOps, the source of the chaos in open source components, could well be the solution to the problem

Modern software development is trending more toward a componentized approach because developers would rather assemble something using a variety of well-built pieces of third-party code than reinvent the wheel every time they create something new. The approach has done wonders for speed and agility, but it's increasing a lot of enterprise attack surfaces because too few organizations are keeping up with the vulnerabilities these components pose.
Beta News

April 16, 2018 - Large-scale data breaches drive investment in DevSecOps

Breaches related to open source components have grown 50 percent since 2017, and an eye-opening 121 percent since 2014, according to a new survey from open source governance and DevSecOps automation specialist Sonatype.

March 29, 2018 - 4 million flaws identified in the security of open source components

Within a month of launching a scan for known vulnerabilities in JavaScript and Ruby libraries, the GitHub code repository site identified an incredible 4 million flaws in the half-a-million repositories on its .
RSA Conference

March 27, 2018 - Can the Washington D.C. Metroplex become a major hub for cybersecurity start-ups?

For many years, technology startup activity in the metropolitan Washington D.C. area has been respectable but very narrowly focused. Most of these startups, including cybersecurity companies, have traditionally targeted the federal government as their primary customer because the government has always been a much easier sell than the broad commercial market.
MSSP Alert

March 26, 2018 - Nexus Firewall, Sonatype's next-generation firewall for open source developers

Sonatype, a provider of development and operations (DevOps) tools designed to help organizations automate their software supply chains, now offers its Nexus Firewall to developers using the open-source version of its Nexus Repository software storage, distribution and organization tool.
ZDNet

March 25, 2018 - FOSSA: open source in the service of open source license management

No one ever became a programmer so they could manage open-source licenses. But that's what many developers must do these days. Black Duck Software, the open-source software logistics and legal solutions provider, and North Bridge found in 2015 that 66 percent of companies create open-source software. That's great, but all that code comes with a wide variety of licenses, each with its own set of requirements. What's a developer or company to do?
Venture Beat

March 24, 2018 - The need for regulation: in the United States, software vendors must be held accountable for the security flaws they create.

The software industry has failed to sufficiently protect the public from data theft and misuse. It’s time for the U.S. government to get serious about regulation.

March 19, 2018 - Interesting positions with exponential salary growth

March 15, 2018 - This Week in Spring: even more Spring Boot 2

Hi, Spring fans! Welcome to another installment of This Week in Spring! This week I’m in blizzard-besieged Boston, Massachusetts, for the epic Spring One Tour Boston event. Unfortunately, due to this crazy snow storm/blizzard, the event’s been postponed one day as we all grapple with the weather. Hope you were able to join the Spring Boot 2.0 launch webinar! If not the replay will be available here and don’t forget to check out the launch blog!

March 15, 2018 - DevSecOps - It's not you, it's not me, it's US!

Next month, we're proud to participate in two special events focusing on DevSecOps. Ahead of DevSecOps Days and our webinar with John, we wanted to share some tips and emerging trends for DevSecOps that experts shared on another industry panel - the one held at the recent DevOps Enterprise Summit in San Francisco 2017.

March 15, 2018 - Has DevSecOps achieved its goals?

At this point, the concept of DevOps should be familiar to everyone. But with the rise of cybersecurity attacks, organizations have seen the need to incorporate security into the mix. Thus, the idea of DevSecOps.
Computer Weekly

March 13, 2018 - Distributions: a year of Linux development

Linux will turn 30 in three years. We look at how far the major Linux distributions – or distros – have come over the past year and what they might be able to bring in the future.

March 8, 2018 - Security by design: is more governance needed?

Hot on the heels of the French legislators, the government in the UK is now announcing tougher guidelines for device manufacturers in its Security by Design review. Crucial here is the move to build security into smart devices from the very beginning and ensure software is automatically updated.

March 8, 2018 - Is 2018 the year of cryptojacking?

"If 2017 was the year of ransomware, 2018 is going to be the year of cryptojacking," said Bill Karpovich, vice president in charge of strategy at software security company Sonatype.
Cheddar

March 8, 2018 - Behind the hacking of IBM by crypto miners

More and more people are mining cryptocurrency to cash in on the craze. But some are actually hacking into computers to leverage other people's mining power. Sonatype's Senior Vice President Bill Karpovich explains the danger of these miners and how hackers exploited IBM several years ago.

March 7, 2018 - Will the authorities' call to rethink IoT security be heeded by professionals?

Amid rising concerns about the security of IoT devices, the government today announced its intent to make manufacturers of IoT devices responsible for the security of their products, while also proposing new rules to ensure that buyers are aware of security features in such devices at the time of purchase.
IT News Africa

March 6, 2018 - Open source: a technological, commercial and societal revolution

Free and open source software is far more than just another way to develop code. In fact, the rise of the open source revolution represents a fundamental change in the way we use information to create a better world.
Infosecurity

March 5, 2018 - Integrating open source security into DevOps

DevOps is a philosophy of IT operations that binds the development of services and their delivery to the core principles of W. Edwards Deming’s points on Quality Management. When applied to software development and IT organizations, Deming’s principles seek to improve the overall quality of software systems as a whole.
Infosecurity Group

March 2, 2018 - 1 in 8 open source components contains flaws.

The number of buggy open source components downloaded in the UK has soared by over 100% over the past year, according to new research from Sonatype. The DevSecOps automation firm revealed that one in eight open source components downloaded in the country last year contained known security vulnerabilities – a 120% year-on-year increase.

The Daily Record

February 28, 2018 - Maryland business leaders are finalists for the Tech Council awards

The Maryland Tech Council announced the finalists for its 30th anniversary industry awards.
Cloudbees

February 27, 2018 - Sonatype's Mark Miller and Derek Weeks - DevOps every day

DevOps Radio is a CloudBees-sponsored podcast series. Hosting experts from around the industry, the show dives into what it takes to successfully develop, deliver and deploy software in today’s ever-changing business environment. From DevOps to Docker, each episode features real-world insights and a few stories, tips, industry scoop and more.
PCR

February 26, 2018 - In France, software vendors will now be liable for security flaws identified in their applications.

The French government has drawn up proposals to hold software manufacturers accountable for security vulnerabilities. The proposed legislation would make manufacturers liable for the security of a product while it is on the market, and with the possibility of requiring its software to be made open-source at end-of-life.

Managers Club

February 14, 2018 - Interview with Mike Hansen, Director of Product Development and Engineering at Sonatype

"I was an individual contributor for the first 10 years of my career. I loved writing software, especially network software, wrangling with complex problems in pursuit of the simplest possible solutions. While I was a good (not great) software developer, I suspected I might be a better leader."

February 16, 2018 - Citizen developers pick up the pace in BizDevOps.

The concept of BizDevOps is about bringing business leaders, developers and operations teams together to more quickly create and deploy software. Recent trends in BizDevOps include the introduction of low-code/no-code development platforms, a process that brings more productivity to the equation and enables business analysts and so-called citizen developers to have a bigger hand in building applications.
PCR

February 13, 2018 - What must change after the "Spectre and Meltdown" scandal

When Intel CEO Brian Krzanich took to the stage at CES in Las Vegas, he could have been forgiven for wanting to be anywhere else in the world. Just days before the world's biggest tech show got underway, it was revealed that almost all PCs, Macs and mobile devices were at risk of being hacked due to a pair of vulnerabilities that existed in an alarming number of Intel, AMD and ARM-produced chips.

February 7, 2018 - Stronger data protection laws make open source software governance essential.

As new local and international data protection laws come into force, organisations running high-velocity software development practices must tighten up their governance and risk-management policies, or run the risk of facing severe legal penalties.
Computing

February 1, 2018 - 2018 DevOps Excellence Awards shortlist

The shortlist for the 2018 DevOps Excellence Awards is here! Take a look at the list below to see whether you have made this prestigious selection of excellence in DevOps.
ThreatPost

January 24, 2018 - Skype, Slack and Signal face a serious bug in their development framework

Hundreds of software applications built using the developer framework called Electron may be vulnerable to a remote code execution flaw, according to developers of the framework. Impacted are dozens of popular Windows applications such as Microsoft’s Skype for Windows, Slack and the Signal secure messaging application.
DevOps.com

January 23, 2018 - Winners of the third Annual DevOps Dozen announced

We are very pleased to announce the winners of the third annual DevOps Dozen Awards. In many ways this year was a watershed year for the DevOps Dozen, as the process of selecting, voting and choosing the winners was much more refined and mature. In each of the 12 (it is a dozen, after all) categories the winners were absolutely deserving of the award and recognition.
GovTechWorks

January 10, 2018 - In an Agile and DevOps context, securing code inevitably means automation.

The world’s biggest hack might have happened to anyone. The same software flaw hackers exploited to expose 145 million identities in the Equifax database – most likely yours included – was also embedded in thousands of other computer systems belonging to all manner of businesses and government agencies.
Information Security Buzz

January 5, 2018 - Intel chip flaw

Following the news that a fundamental design flaw in Intel’s processor chips, dating back to 1995 would allow an attacker to read protected memory, IT security experts commented below.
Computer Review

January 4, 2018 - Six sad truths for CIOs, part 4

Very often you hear arguments about viruses and other malware. Much less often do people talk about upgrading systems, patching software, or replacing versions. Here, as a rule, the principle of "if it works, don't touch it" prevails. Yet it is precisely this malware that finds new holes in system and application programs.
Information Age

December 19, 2017 - Companies are embracing privacy by design in order to comply with GDPR.

With GDPR coming into play May 2018, companies doing business in the EU face the prospect of fines and damaged reputations if they cannot prevent vital corporate and customer data from falling into the wrong hands.
CIOReview

December 19, 2017 - The rise of software

At the end of the second quarter of 2017, of the top ten most valuable public companies seven were tech companies while five were software companies. These five companies represented close to $3 trillion in market cap. Apple and Amazon, the other two, clearly have their share of software assets.
SC Media

December 18, 2017 - Hackers exploit the NSA's handiwork to attack Monero.

Zealot campaign used EternalBlue and EternalSynergy to mine cryptocurrency on networks. Security researchers have found a new hacking campaign that used NSA exploits to install cryptocurrency miners on victims' systems and networks. They said that the campaign was a sophisticated multi-staged attack targeting internal networks with the NSA-attributed EternalBlue and EternalSynergy exploits.

December 13, 2017 - Cybersecurity in 2018: GDPR fines and an artificial intelligence race ahead

With 2018 fast approaching, here we are at the end of a tumultuous year in the world of cybersecurity. Attacks have been launched on infrastructure and democracy, mainstream media attention has been snatched and billions of sets of data have been plundered.

December 7, 2017 - Why does DevOps rely primarily on container technology?

Containerisation is one of the most exciting tech trends to emerge over the last few years. Designed to work at operating system level, it's a popular virtualisation method that allows IT professionals to deploy and distribute applications easily.

November 20, 2017 - The modern way to develop secure code

Derek Weeks, VP and DevOps Advocate at Sonatype, discusses how software development has evolved over the past ten years and the influence of DevOps practices across government agencies. Rather than taking a project and hiring people who can code, today systems are put together with blocks of code that are already written.

November 16, 2017 - Parity Technologies knew about the bug that cost $300 million in Ethereum cryptocurrency.

The loss of $300 million in cryptocurrency shows the urgent need for businesses and cryptocurrency firms to know what libraries and binaries they're using. With open source binaries forming the basis of 80 – 90% of applications, they play a vital role in driving innovation and powering the world as we know it. However, Parity's issues are a stark reminder that all binaries are not created equal.

November 16, 2017 - How can developers and operations collaborate better? - Part 1

When you say "DevOps" one of the first words that comes to mind is "collaboration." Even the structure of the word "DevOps" implies that Dev and Ops are coming together, collaborating in a way they had not done before. On DEVOPSdigest's list 17 Ways to Define DevOps, in the first definition entitled "A Cultural Revolution," Aruna Ravichandran, VP of DevOps Solution Marketing and Management at CA Technologies, said: "DevOps is a cultural revolution that liberates software delivery through cohesive collaboration and advanced automation."

November 13, 2017 - £214 million in Ethereum cryptocurrency disappears following a code deletion

Tuur Demeester, editor in chief at Adamant Research, claimed that of that figure, about £69 million belongs to Parity founder and former Ethereum core developer Gavin Wood's Initial Coin Offering (ICO) Polkadot. "Following the fix for the original multi-sig issue that had been exploited on 19th of July (function visibility), a new version of the Parity Wallet library contract was deployed on 20th of July," the advisory stated.

November 3, 2017 - Is your data being sold on the dark web?

Sonatype's crown jewel is its database of descriptions of over 1.2 million open source packages. “If that is lost, it could be an existential outcome,” said Wayne Jackson, CEO of the Fulton, Maryland-based software supply chain management company. To shut down any such leak quickly, Sonatype monitors the web for any indications that its data has been stolen and is being shared on line. That monitoring includes the dark web.

October 31, 2017 - The languages every application security professional should know

By 2022, there will be a shortfall of an estimated 1.8 million security professionals worldwide, with an acute scarcity of the technical professionals needed for secure software development, according to the 2017 Global Information Security Workforce Study. For many people interested in breaking into security, the shortage could be an opportunity. Some 87% of cybersecurity professionals started in a different career, with 30% coming from outside of IT, according to the biennial study.

October 29, 2017 - The relentless advance of new technologies and their impact on GovCon

Letitia (Tish) Long, Chairman of the Board, Intelligence and National Security Alliance (INSA) [Internet of Things Cybersecurity Improvement Act of 2017]

October 27, 2017 - The 14 top tech hires in the District of Columbia in October

Every month we recap the biggest tech hires and departures in the D.C. area over the past month. To get hiring and other local innovation news daily, sign up for The Beat. Here's our list of the top hires in D.C. innovation for October.

October 24, 2017 - Third-party libraries are the riskiest part of applications.

Much has been written to guide software developers on how to develop secure software. Despite this general awareness, we continue to see vulnerable software produced. One of the observations in the HPE Cyber Risk Report 2016 is that attackers have shifted their focus from servers and operating systems directly to applications.

October 17, 2017 - How DevOps is ending traditional security

Security can be a hard sell. It's difficult to convince development teams to spend their limited cycles patching security holes with line-of-business managers pressuring them to release applications as quickly as possible. But given that 84 percent of all cyberattacks happen on the application layer, organizations can't afford for their dev teams not to include security.

October 16, 2017 - Q&A session with Sonatype: open source, supply chain management and the Nexus platform

Today’s software development teams have increasingly embraced the use of open source and third-party components in building their projects instead of actually starting from scratch. But while open source usage has added significant value to software development, enabling speed and innovation in teams, it has also introduced a host of security vulnerabilities.

October 16, 2017 - DevOps jobs: 4 trends to watch

If you’ve got DevOps chops, you already know you’re in demand. And if you’re an IT leader hiring for a DevOps shop, you know the challenges in finding good people. Like DevOps itself, the DevOps job market continues to evolve. And let’s be honest: This isn’t an area of consensus in IT, as the ongoing debate about titles such as “DevOps Engineer” attests. 

October 16, 2017 - Bill Karpovich joins Sonatype as senior vice president of strategy and corporate development

Sonatype, the leader in software supply chain automation, has hired Bill Karpovich as SVP, Strategy and Corporate Development. Bill will lead strategic partnering, acquisitions, and new growth initiatives. Bill joins Sonatype from IBM.

October 16, 2017 - New arrival: Bill Karpovich

Bill Karpovich will lead portfolio evolution, strategic partnering, acquisitions, and new growth initiatives worldwide for Sonatype, the leader in software supply chain automation. Reporting to CEO Wayne Jackson, Bill will help the company expand its portfolio and scale operations globally.

October 13, 2017 - William G. Karpovich takes on a new role at Sonatype, Inc.

Sonatype, Inc. operates as a holding company, which provides enterprise software solutions. Its products include Nexus Repository Managers and Nexus Firewall, Lifecycle, and Auditor. The company was founded by Sarel Jason van Zyl and Brian Fox in 2008 and is headquartered in Fulton, MD.

October 9, 2017 - DevOps trends: 5 to watch

The term “DevOps” is typically credited to this 2008 presentation on agile infrastructure and operations. Now ubiquitous in IT vocabulary, the mashup word is less than 10 years old: We’re still figuring out this modern way of working in IT. Sure, people who have been “doing DevOps” for years have accrued plenty of wisdom along the way. But most DevOps environments – and the mix of people and culture, process and methodology, and tools and technology – are far from mature.

September 29, 2017 - In brief: Microsoft is working on a programming language for quantum computers

Microsoft wants to own quantum coding. Quantum computing is still in its nascent stage. But Microsoft – probably still wary of missing a trick like it did with mobile – has already staked its claim on the space. The Redmond company announced this week that it is developing a language for programming quantum bits. The as-yet-unnamed language should be available for preview by the end of the year.

September 29, 2017 - As CCleaner shows, software security has a "systemic problem"

It’s a truism of the Digital Age that anything can be hacked. It’s also a truism that things aren’t always what they seem. Those notions hold true for CCleaner, which, with 115 million monthly active users, is the most popular Windows system-cleaning and -optimizing software in the world. New findings about an attack on older versions of CCleaner, first disclosed last week, indicate that hackers targeted the popular third-party consumer utility in order to infiltrate corporate computer systems.

September 28, 2017 - Interview with Derek Weeks: "Everything except writing code can be automated"

At first glance, security and agile development in DevOps environments do not seem to fit together. This is exactly where DevSecOps is meant to come in. Dev-Insider spoke with Derek Weeks, Vice President at Sonatype, about the supposed contradictions.

September 27, 2017 - Sonatype - Introducing the Nexus Platform

On this podcast, Curtis Yanko, Technical Director, Alliances and Partners at Sonatype discusses how the Nexus Platform helps customers automate open source governance so they can build software the same way Red Hat builds Red Hat Enterprise Linux. Listen here (9 minutes):

September 26, 2017 - New incident, same lessons to be learned

The story of recent breaches at the credit-rating agency Equifax, which may have involved the personal details of nearly 150 million people, has probably just begun, given the confusion that still surrounds events. But it’s brought the security of open source software to the fore yet again, and highlighted the ongoing struggle organizations still have with cybersecurity.

September 22, 2017 - Many companies use the software hackers exploited to access Equifax's data

More than 50,000 organizations are using outdated and leaky versions of Apache, the software whose Struts app gave hackers a back door into Equifax—even though free fixes have been available for nine months, according to Sonatype, a firm that monitors downloads of open-source software. Corporate America has been slow to update its open-source software, even after the Equifax hack that exposed 143 million people’s sensitive data. “When you take on use of an open-source project, you’re outsourcing software development to strangers,” says Sonatype CEO Wayne Jackson.

September 21, 2017 - Equifax's CIO and CSO resign amid the confusion over patch installation

The two most senior security roles have since been filled by the credit rating firm, with the world still stunned by the scale of the breach that also affected around 400,000 people in the UK. The way Equifax executives and its IT security team appear to have failed to adequately apply patches, the amount of time it took to discover the depth of the breach and the delay in ultimately reporting it certainly paints a picture of a colossal failure at all levels, including the curiously timed stock sales by top executives (who deny knowledge of the breach at the time of the sale) just days before the disclosure, reported by Bloomberg.


September 21, 2017 - Equifax's CIO and CSO announce their resignation following the company's data breach

Under-fire credit reporting agency Equifax has confirmed that its CSO and CIO are retiring following a massive data breach at the company affecting 143 million U.S. and 400,000 British customers. A few days later, Equifax brought in security consulting firm Mandiant, now a unit of FireEye and associated with many high-profile forensics investigations including the Yahoo breach the previous year, when data on more than 1 billion accounts was exposed.

September 20, 2017 - Equifax's disastrous patching of the Struts component: THOUSANDS of other companies in the same situation

The Equifax breach was the result of a vulnerable Apache Struts component. Software automation vendor Sonatype warns that 3,054 organisations downloaded the same Struts2 component exploited in the Equifax hack in the last 12 months. The affected version of Struts2 was publicly disclosed as vulnerable (CVE-2017-5638) on March 10, and was subsequently exploited at Equifax between May and late July, when the attack was finally detected.

September 19, 2017 - DevSecCon: the state of DevOps security

With containerization, microservices, and a new software framework popping up seemingly every few months, software is moving fast—so fast that adding security to the agile development processes is difficult because the technologies are changing so quickly.

September 19, 2017 - Many accusations are circulating following the Equifax data breach

If you’re not reading this on another planet or in a bunker somewhere, then you’re likely aware of the recent breach of data from credit agency Equifax. Reports indicate that unknown attackers took advantage of a vulnerability in an Equifax web application to purloin personal identifiable information from 143 million people, including Social Security numbers.

September 18, 2017 - 3,000 companies could suffer the same fate as Equifax

The number of organizations that have downloaded vulnerable versions of the Struts2 component (CVE-2017-5638) totals 3,054, according to Sonatype. Analyzing data from the Maven Central repository, the largest distribution point for Java open-source components, Sonatype found a startling lack of hygiene related to enterprise consumption of vulnerable Struts2 components, which were exploited in the massive breach at Equifax.

September 18, 2017 - Apache Struts flaw: more than 3,000 companies affected

More than 3,000 organizations could be at risk of suffering an attack against the same vulnerability that allowed hackers to gain access to the records of more than 143 million Americans from credit reporting firm Equifax. The troublesome figure comes from supply chain automation firm Sonatype, which found a total of 3,054 organizations still using a vulnerable version of Apache Struts, a popular web application framework.

September 16, 2017 - Equifax Breach Victims May Not Know Their Data Is at Risk

Equifax has been making headlines the last few weeks for a large security breach involving consumers in the U.S., U.K., and Canada. Attackers gathered the personal information of up to 143 million U.S. consumers, including credit card numbers for about 209,000 people. Other information accessed during the breach includes names, Social Security numbers, birth dates, addresses, and driver’s license numbers, all of which are valuable to identity thieves.

September 13, 2017 - IoT and Open Source: How to Increase Application Security by Focusing on Quality

Developers often fail to effectively manage the security of the open-source components they use. Unfortunately, most software incorporates at least one vulnerable component, and that means that, unless developers keep on top of their repository, they are linking vulnerabilities into their code.

September 12, 2017 - Radio Interview With Wayne Jackson

KCBS news radio interviews Wayne Jackson, CEO of Sonatype, to discuss the Equifax data breach related to Struts2, open source governance practices, and pending IoT legislation in the Senate (2 minutes).

September 12, 2017 - The Morning Risk Report: Open Source Software in the Spotlight After the Equifax Breach

As cybersleuths work to uncover the exact vulnerability hackers exploited to pull off the data theft, one thing companies not wanting to be the next Equifax can do is review the types of open-source software used in applications they deploy—and then look for ways to more effectively mitigate those threats.

September 12, 2017 - Lawsuits Over the Equifax Hack Begin to Pile Up

U.S. consumer credit reporting agency Equifax Inc. will soon be heading to court with multiple lawsuits being filed against the company following its disclosure of a massive hack last week. The lawsuits, which stand at least two dozen according to Reuters, come in a number of different flavors, including one suit that alleges that Equifax was guilty of equities fraud, while a number of other suits are specifically targeting Equifax’s response to the hack such as its offer of one year of free credit monitoring.

September 11, 2017 - How to Prevent Credit Data Hacks Like the One at Equifax

In the wake of last week's hack of U.S. consumer credit reporting agency Equifax Inc., security experts are calling for big changes, including big penalties for the data brokers that hold so much information critical to everyone's financial life.

September 3, 2017 - Washington-Area Appointments and Promotions

Sonatype of Fulton appointed Letitia Long and Steve Hills board members.


August 24, 2017 - Steve Hills

Steve Hills, the former president and general manager of The Washington Post, has joined Sonatype's Board of Directors.

August 24, 2017 - Letitia Long

Letitia Long, the former director of the U.S. National Geospatial-Intelligence Agency (NGA), has joined Sonatype's Board of Directors.

August 16, 2017 - Former NGA Director Letitia Long Joins Sonatype's Board of Directors

Letitia Long, former director of the National Geospatial-Intelligence Agency, has been named an independent director of Sonatype‘s board of directors. Sonatype said Tuesday Long will work with board representatives from the company’s lead investors that include Goldman Sachs, Accel Partners, New Enterprise Associates and Hummer Winblad Venture Partners.

August 15, 2017 - Letitia Long and Steve Hills | Sonatype

Letitia Long, the former director of the U.S. National Geospatial-Intelligence Agency and Steve Hills, the former president and general manager of The Washington Post, have joined the board of directors of software supply chain automation company Sonatype as independent directors.

August 14, 2017 - Sonatype Now Measures Automated Programs With Success Metrics

Software supply chain automation leader Sonatype has announced support for new return-on-investment and application-quality metrics within its Nexus Lifecycle solution. The new feature, Success Metrics, enables DevOps teams to measure and quickly assess the effectiveness of their automated open source governance programmes.

August 8, 2017 - Sonatype Spotlights Software Supply Chain Issues

Most application developers today don't write much raw code. Rather, applications developed today are created mostly by combining various modules and widgets into a custom application. But currently there is little oversight being applied to the provenance of application components, especially when it comes to open-source software.

August 4, 2017 - Not All Open Source Components Are Created Equal

Imagine if you could improve the quality of your applications and cut development cost at the same time? It is possible, if you can manage the quality of the open source components used by your developers. This is according to the third annual State of the Software Supply Chain Report published by US-based software supply chain automation specialist Sonatype.

July 31, 2017 - Sonatype Report Finds That Active Management of Open Source Components Brings Measurable Improvements

In July, Sonatype released their third annual State of the Software Supply Chain report concluding that when organisations actively manage the quality of open source components in software applications they see a 28% improvement in developer productivity (through reduction in manual governance), a 30% reduction in overall development costs, and a 48% increase in application quality (as application vulnerabilities are removed early reducing their incidence in production). 

July 24, 2017 - Monthly Quiz: Test Your Knowledge of Open Source Development Tool Trends

The move to open source development tools -- already unstoppable -- continues to gain momentum. Years ago, open source was looked upon as a way to save money. Today, a key driver is the clear fact that, with tens of thousands of contributors sharing their expertise and the ever-widening availability of high-quality code, resistance is futile.

July 22, 2017 - This Week in Scalability: System Backups in the Container Era

As we gear up to release our next e-book on the Kubernetes open source container orchestration engine (check with us in about a month), we have been reviewing how well K8s has been making its way into the enterprise — the true determinant of whether the software becomes an essential component of “the new stack,” so to speak.

July 20, 2017 - DevOps Practices Reduce the Use of Defective Open Source Components by 63 Percent

Supply chain automation vendor Sonatype this week published its third annual State of the Software Supply Chain Report. This year's report highlights risks lurking within open source software components and quantifies the empirical benefits of actively managing software supply chain hygiene.

July 20, 2017 - Software Wipes: Sonatype Makes the Case for Supply Chain Hygiene

Supply chain automation company Sonatype produces what it calls its Software Supply Chain Report every year (now in its third) in an attempt to highlight alleged 'risks' lurking within open source software components.

July 19, 2017 - Sonatype Report Reveals the Risks of Open Source Software

Sonatype has announced the release of its third State of the Software Supply Chain report, highlighting risks within open source software components and the benefits of actively managing software supply chain hygiene.

July 19, 2017 - Software Supply Chain Report Details the Impact of Open Source

Sonatype has released its third annual State of the Software Supply Chain Report. This year’s report highlights risks lurking within open source software components and quantifies the empirical benefits of actively managing software supply chain hygiene.

July 19, 2017 - Bad Code Library Triggers Devil's Ivy Vulnerability in Millions of IoT Devices

Tens of millions of products ranging from airport surveillance cameras, sensors, networking equipment and IoT devices are vulnerable to a flaw that allows attackers to remotely gain control over devices or crash them.

July 18, 2017 - How to Spot Errors in Custom Mobile Apps

As enterprises develop more custom applications -- many of them mobile apps as part of a mobile-first strategy -- in-house developers are increasingly at risk of unwittingly using open-source code rife with vulnerabilities.

July 18, 2017 - Open Source Drives DevOps Automation

Heightened awareness about the security risks associated with open source software has increased use of disciplined DevOps practices that have improved application quality and developer productivity, a software supply chain survey finds.

July 18, 2017 - 2017 Software Supply Chain Report: Use Open Source Software Components Prudently

Open source is considered secure because many contributors look at the code. Yet studies show that careless use of OSS components frequently introduces vulnerabilities into applications. Good software supply chain management can prevent that, says Sonatype's new 2017 Software Supply Chain Report.

July 18, 2017 - Sonatype's 2017 Software Supply Chain Report: DevOps Practices Reduce the Use of Defective Open Source Components by 63%

Sonatype, the leader in software supply chain automation, today announced the release of its third annual State of the Software Supply Chain Report. This year’s report highlights risks lurking within open source software components and quantifies the empirical benefits of actively managing software supply chain hygiene.

July 18, 2017 - DevOps Makes Open Source Use More Secure

Open source components are found ever more often in the software supply chain. DevOps strategies and active management help to detect defective components more effectively, as Sonatype's latest Software Supply Chain Report underlines. For the 2017 Software Supply Chain Report, Sonatype analyzed more than 17,000 applications. It found that developer productivity rose by 28 percent when the open source components in use were actively managed. Overall development costs could be reduced by 30 percent.

July 18, 2017 - DevOps Practices Reduce Defective Open Source Components

Sonatype has published its third annual State of the Software Supply Chain Report. This year's report highlights risks lurking within open source software components and quantifies the empirical benefits of actively managing software supply chain hygiene.


July 17, 2017 - Sonatype's Software Supply Chain Report, Motorola and Neurala Join Forces on AI, Bitfury Group's Exonum

Sonatype released its third annual State of the Software Supply Chain report, which highlights risks within open source software components. The report also highlights the benefits of managing software supply chain hygiene. “Companies are no longer building software applications from scratch, they are manufacturing them as fast as they can using an infinite supply of open source component parts. 

July 17, 2017 - DevOps Practices Help Improve the Quality of Open Source Components

The use of open source components can help speed up the software development process, but it comes with a risk if poor quality code leads to vulnerable applications being released. The latest State of the Software Supply Chain Report from DevOps tools specialist Sonatype reveals that organizations which actively manage the quality of open source components flowing into production applications realize a 28 percent improvement in developer productivity, a 30 percent reduction in overall development costs, and a 48 percent increase in application quality.

July 7, 2017 - npm Password Resets Show Developers Need to Improve Their Security Practices

Thousands of developers who publish JavaScript packages in the npm repository have had their passwords reset since May because their login credentials were too weak or had been publicly exposed. The affected accounts were in control of tens of thousands of Node.js modules that, in turn, were direct or indirect dependencies for half of the entire npm ecosystem.

July 6, 2017 - Study: IT Security Practices Are Moving Earlier in the Application Development Process

In the past, IT security in the application building process has often been addressed as an after-thought, usually brought up at the last minute, just after the desired application and code were created. Since 2014, however, that frequent pattern has been changing as more security emphasis is apparently being brought into application development earlier in its creation, according to a recent DevSecOps study on enterprise security practices, released by Sonatype.

June 30, 2017 - Sonatype Acquires Vor Security to Expand Its Nexus Open Source Component Support

In June, Sonatype announced the acquisition of Vor Security to extend the coverage of its open-source component intelligence solutions to Ruby, PHP, CocoaPods, Swift, Golang, C, and C++. Sonatype, well known as the steward of the Maven Central repository and the creator of the Nexus repository manager, has extended its previously Java-, JavaScript-, .NET- and Python-centric component intelligence capabilities to include the new open-source ecosystems. The new capabilities are packaged in a new product, Nexus Lifecycle XC, and, like the existing Nexus Lifecycle product, are delivered via the Nexus IQ server.

June 29, 2017 - Maryland Tech Company Acquires a Security Firm and Launches a New Data Service

A Maryland-headquartered provider of tools to automate software supply chains has acquired a Canadian firm and launched a new data service. Fulton-based Sonatype Inc. has acquired Vor Security of Ottawa, Ontario. Ken Duck, the founder and CEO of Vor, will work on data that underpins Sonatype's tools.

June 29, 2017 - Eclipse Oxygen, Android Things Console, and Sonatype Acquires Vor Security

The Eclipse Foundation has announced Eclipse Oxygen is now available. The Oxygen release includes 83 projects, 287 committers, and about 71 million lines of code. “We’re proud to announce the arrival of Eclipse Oxygen, the 12th annual simultaneous release from the Eclipse Community,”

June 29, 2017 - Sonatype Gains Deeper Open Source Knowledge Through an Acquisition

Fulton-based Sonatype is bringing on some deeper knowledge about potential security vulnerabilities with an acquisition. The company, which makes tools to automate software processes and find potential holes in open source code, acquired Vor Security, which is based in Ottawa, Canada.

June 21, 2017 - The Key Advantages of Agile - Part 2

Why Agile? DEVOPSdigest asked the experts for their opinions on what are the most important advantages of being Agile. Part 2 is all about speed.

June 20, 2017 - Sonatype Integrates Nexus Lifecycle With Microsoft Visual Studio

Sonatype, the leader in software supply chain automation, today announced that it has released a new version of Nexus Lifecycle that includes an extension to Microsoft Visual Studio, a popular integrated development environment (IDE).

June 13, 2017 - DevSecOps Is Not a Security Panacea

Many development teams view security as an impediment to agility and innovation, but efforts over the past few years have tried to integrate security controls and testing directly into DevOps workflows without sacrificing development speed and deployment flexibility.

May 24, 2017 - Sonatype Launches a New Version of Its Free Repository Health Check

Sonatype released the next generation of its free Repository Health Check (RHC) feature within its flagship Nexus Repository product. All 120,000 organizations using Nexus will benefit immediately from the ability to automatically analyze the quality and security of open source software components housed within their Nexus Repository as part of their DevOps pipeline.

May 17, 2017 - BBC Radio Interview: Cybercrime

With two international cyber-crime conferences in Belfast in the same week, we're asking whether your company can stay ahead of the hackers. Wendy Austin is joined by Shannon Lietz, DevSecOps lead at Intuit; Mark Miller, senior storyteller at Sonatype; and David Crozier of Queen's University spinout CSIT.

May 4, 2017 - Red Hat Summit: Black Duck's Hub Solution, CloudHealth Technologies' Cloud Service Management Platform, and Sonatype's Nexus Repository

Red Hat’s annual open-source technology event, Red Hat Summit, is coming to a close today. The event showcases the latest innovations in cloud computing, platform, virtualization, middleware, storage and systems management technologies.

May 2, 2017 - Sonatype's Nexus Repository Certified to Run on Red Hat OpenShift Container Platform

Sonatype has containerized and certified its Nexus Repository to run on Red Hat OpenShift Container Platform.

May 1, 2017 - Sonatype's Nexus Repository Recognized as a Red Hat OpenShift Certified Solution


April 26, 2017 - DevSecOps: How to Build Safer Software, Much Faster

DevOps can help develop software faster, but that's not making it any safer. DevSecOps is an effort to bring security into the mix. Here are some ways to get started.

April 26, 2017 - Nexus Launches on Mesosphere DC/OS

Nexus Repository is the first to offer DC/OS users a free, private registry for Docker containers in addition to enterprise-scale artifact management for the most popular development languages. Nexus Repository offers a great way to organize, store, and distribute software components critical to DevOps and CI/CD toolchains.

April 25, 2017 - Sonatype Announces 2017 DevSecOps Survey Results

Sonatype, the leader in software supply chain automation, today announced the telecommunications-sector results of its 2017 DevSecOps Community Survey. 160 telecommunications IT professionals participated in the online survey conducted in February 2017, out of a total of 2,292 overall survey respondents. The survey revealed that mature development organizations ensure automated security is woven into their DevOps practice early, everywhere, and at scale. Analysis of responses also found that 20% of telecom organizations continue to struggle with breaches, consistent with overall survey respondents.

April 24, 2017 - Sonatype Unveils the Next Generation of Its Free Repository Health Check

Sonatype released the next generation of its free Repository Health Check (RHC) feature within its flagship Nexus Repository product.  As of today, all 120,000 organizations using Nexus will benefit immediately from the ability to automatically analyze the quality and security of open source software components housed within their Nexus Repository as part of their DevOps pipeline.

April 21, 2017 - The Hidden Dangers of Component Vulnerabilities

Today's development practices continue to evolve toward the fast iterations of smaller builds. Developers are using approaches like microservices to chunk out monolithic applications into a sum of more rational and reusable mix-and-match elements.

April 20, 2017 - Sonatype Announces Git LFS Support in Nexus Repository

Sonatype, the leader in software supply chain automation, today announced that Nexus Repository is first to market with free support for Git Large File Storage (LFS) artifacts. With the addition of Git LFS, Nexus Repository now supports eight of the most popular software component types, including Docker, Java, npm, NuGet, PyPI, Bower, and RubyGems.

April 19, 2017 - DockerCon 2017 Roundup

2017's DockerCon was held in Austin, Texas this past week. DockerCon is the annual conference centered on the container industry and community. Below is a roundup of all the pressing news that was dropped at the event. We will be featuring news from StorageOS, Twistlock, Mesosphere, and Mirantis.

April 19, 2017 - Sonatype Announces a Secure DevOps Solution for Python Developers

Sonatype announced that its Nexus Firewall will offer support for automated governance of PyPI components before the end of the quarter.

April 10, 2017 - As DevOps Grows, Automation Becomes Key to Application Security

IT organizations continue to struggle with breaches, which have risen sharply over the past three years. Yet during the same period, the use of secure components has remained flat, suggesting that more organizations must improve their applications' security posture.

March 23, 2017 - New DevOps Research From Sonatype Reveals Changing Application Security Practices

Sonatype, the leader in software supply chain automation, has announced the results of its 2017 DevSecOps Community Survey which was conducted in February.  There were 2,292 IT professionals that participated in the online survey which revealed that mature development organisations ensure automated security is woven into their DevOps practice, early, everywhere, and at scale. Analysis of responses also found that IT organisations continue to struggle with breaches as nearly a 50% increase was recorded between Sonatype’s 2014 and 2017 survey.

March 23, 2017 - DevOps Embraces Security Measures to Build Safer Software

DevOps is not simply transforming how developers and operations work together to deliver better software faster, it is also changing how developers view application security. A recent survey from software automation and security company Sonatype found that DevOps teams are increasingly adopting security automation to create better and safer software.

March 22, 2017 - DevSecOps Automation Helps Development Teams

Professional software vendors have already implemented DevOps practices extensively and are increasingly feeding security aspects into their strategy in an automated way. That is the conclusion of a study by Sonatype, a provider of software supply chain automation.

March 22, 2017 - Study Reveals Changing Application Security Practices

Sonatype has announced the results of its 2017 DevSecOps Community Survey which revealed that mature development organisations ensure automated security is woven into their DevOps practice, early, everywhere, and at scale.

March 22, 2017 - Companies Integrate Automated Security Into DevOps

Mature development organizations make sure automated security is built into their DevOps practice early, everywhere and at scale, according to a new report by Sonatype.

March 21, 2017 - Changing Application Security Practices

Sonatype has published the results of its 2017 DevSecOps Community Survey.  2,292 IT professionals participated in the online survey conducted in February 2017. The survey revealed that mature development organizations ensure automated security is woven into their DevOps practice, early, everywhere, and at scale. Analysis of responses also found that IT organizations continue to struggle with breaches as nearly a 50% increase was recorded between Sonatype’s 2014 and 2017 survey.

March 21, 2017 - DevOps Study: Build Security In Early

Sonatype has announced the results of its 2017 DevSecOps Community Survey. 2,292 IT professionals took part in the online survey conducted in February 2017. The study found that mature development organizations ensure that security is woven into their DevOps practices in an automated way, early, everywhere and at scale. The analysis of responses also showed that IT organizations continue to struggle with breaches: comparing Sonatype's survey figures for 2014 and 2017, there is an increase of nearly 50 percent.

March 21, 2017 - IT Pro Portal

Mature development organizations make sure automated security is built into their DevOps practice early, everywhere and at scale, according to a new report by Sonatype
Baltimore Business Journal

February 2, 2017 - The Top Four Venture Capital Recipients of 2016

Sonatype Inc., Vtesse Inc., NextCure and GrayBug LLC were the four companies that received the most venture capital funding in 2016.
DZone

February 1, 2017 - State of the Software Supply Chain 2017

Thanks to Derek Weeks, V.P. and DevOps Advocate for Sonatype for sharing their second annual report on managing open source components to accelerate innovation. Following are the key findings of their research...
Computer Weekly

January 20, 2017 - Sonatype: 1 in 15 Open Source Application Components Contains at Least One Security Flaw

Software supply chain automation company Sonatype is hanging out the flags to celebrate the fact that it has experienced a 300 percent growth in the use of its Nexus Repository over the past three years.
App Developer Magazine

January 13, 2017 - Scanning JavaScript for Vulnerabilities: The Impossible Is Now Possible

JavaScript is everywhere, and it's awesome! But the world's most popular language can be riddled with problems if you aren't a careful programmer.
Container Journal

January 6, 2017 - Sonatype Takes On Container Governance

As usage of containers continues to proliferate across the enterprise there will be some natural shifting of management responsibility between developers and IT operations teams in many organizations. In fact, most developers will have a bare-minimum involvement in anything to do with IT governance.
Threatpost

December 15, 2016 - Code Reuse Is a Peril for Secure Software Development

The amount of insecure software tied to reused third-party libraries and lingering in applications long after patches have been deployed is staggering. It’s a habitual problem perpetuated by developers failing to vet third-party code for vulnerabilities, and some repositories taking a hands-off approach with the code they host.
SDxCentral

December 8, 2016 - Sonatype Adds Container Scanning to Its Nexus Lifecycle Software

Sonatype, a company offering a kind of quality control for software components, has extended its reach into the container world.
Federal News Radio

November 28, 2016 - DevOps and Agile Software Development

Today's interview is with Matt Howard, executive vice president for Market Development at Sonatype. His company helps federal software developers put together code quicker, cheaper, and in a more secure manner.
The Register

November 11, 2016 - Would You Like 15 Hours of DevOps?

It’s one thing logging onto a 15 hour online event covering the world of DevOps. It’s quite another watching it live in the comfortable offices of one of the main sponsors with complimentary food and drinks from morning until evening. Plus happy hour.
App Developer Magazine

November 1, 2016 - Why Software Is No Longer Built From Scratch

Application developers are increasingly reliant on open source component parts because pre-fabricated components speed up innovation and save developers the time (and money) of having to write code from scratch.
eWeek

October 21, 2016 - Sonatype Maps the JavaScript Genome for DevOps

Sonatype has mapped out the JavaScript genome to help organizations with high-velocity, automated development practices.
CIO

September 26, 2016 - What's in Your Code? Why You Need a Software Bill of Materials

When developers and suppliers carefully list the tools used to build an application and what third-party components are included, IT can improve software patching and updates.
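The September 18, 2017 entries above (3,054 organizations pulling CVE-2017-5638-affected Struts2 builds from Maven Central) and this bill-of-materials entry come down to the same practical check: once you have a list of what is actually in the build, you can compare it against a known-bad version range instead of waiting for someone to do it for you. The script below is an added example, not code from any of the articles quoted on this page or from Sonatype's tooling. It parses the dependency listing that `mvn dependency:list` prints (the sample lines are constructed here, not real project data) and flags `org.apache.struts:struts2-core` versions inside the ranges the Apache S2-045 advisory gives for CVE-2017-5638: 2.3.5 through 2.3.31 and 2.5 through 2.5.10, fixed in 2.3.32 and 2.5.10.1. Function names and the sample coordinates are this example's own choices.

```python
"""Added example: flag struts2-core versions affected by CVE-2017-5638 in a Maven
dependency listing. Not part of the articles quoted above or of Sonatype's products."""
import re
from typing import List, Optional, Tuple

# Inclusive version ranges from the Apache Struts S2-045 advisory for CVE-2017-5638:
# 2.3.5 through 2.3.31 and 2.5 through 2.5.10 (fixed in 2.3.32 and 2.5.10.1).
AFFECTED_RANGES: List[Tuple[Tuple[int, ...], Tuple[int, ...]]] = [
    ((2, 3, 5), (2, 3, 31)),
    ((2, 5), (2, 5, 10)),
]

# The vulnerable Jakarta multipart request handling ships in struts2-core.
VULNERABLE_COORDINATE = ("org.apache.struts", "struts2-core")

# Constructed sample input in the shape `mvn dependency:list` prints (not real project data).
SAMPLE_DEPENDENCY_LIST = """\
[INFO] The following files have been resolved:
[INFO]    org.apache.struts:struts2-core:jar:2.3.31:compile
[INFO]    org.apache.struts:struts2-convention-plugin:jar:2.3.31:compile
[INFO]    commons-fileupload:commons-fileupload:jar:1.3.2:compile
[INFO]    org.apache.struts:struts2-core:jar:2.5.10.1:compile
[INFO]    org.apache.struts:struts2-core:jar:2.5.10:test
[INFO] ------------------------------------------------------------------------
"""

Coordinate = Tuple[str, str, str, str]  # group, artifact, version, scope


def version_key(version: str) -> Tuple[int, ...]:
    """Numeric prefix of a Maven version as an int tuple, so that 2.5.10.1 sorts
    after 2.5.10 and 2.3.9 before 2.3.31 (plain string comparison gets both wrong).
    Qualifiers such as -SNAPSHOT are dropped, which errs toward flagging."""
    match = re.match(r"(\d+(?:\.\d+)*)", version)
    if not match:
        raise ValueError(f"not a numeric Maven version: {version!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_affected(version: str) -> bool:
    """True if a struts2-core version falls inside one of the S2-045 ranges (inclusive)."""
    key = version_key(version)
    return any(low <= key <= high for low, high in AFFECTED_RANGES)


def parse_coordinates(line: str) -> Optional[Coordinate]:
    """Parse one dependency line. Accepts plain group:artifact:version and the
    group:artifact:type[:classifier]:version:scope form from `mvn dependency:list`.
    Banner and separator lines return None."""
    text = re.sub(r"^\[INFO\]\s*", "", line).strip()
    parts = text.split(":")
    if len(parts) == 3:
        group, artifact, version = parts
        scope = ""
    elif len(parts) in (5, 6):
        group, artifact, version, scope = parts[0], parts[1], parts[-2], parts[-1]
    else:
        return None
    return group, artifact, version, scope


def scan_dependency_list(listing: str) -> List[Coordinate]:
    """Return every struts2-core coordinate whose version is in the CVE-2017-5638 range,
    in the order it appears. Scope is kept so the reader can judge test-only pulls."""
    flagged: List[Coordinate] = []
    for line in listing.splitlines():
        coord = parse_coordinates(line)
        if coord is None:
            continue
        group, artifact, version, _scope = coord
        if (group, artifact) == VULNERABLE_COORDINATE and is_affected(version):
            flagged.append(coord)
    return flagged


if __name__ == "__main__":
    for group, artifact, version, scope in scan_dependency_list(SAMPLE_DEPENDENCY_LIST):
        print(f"CVE-2017-5638: {group}:{artifact}:{version} "
              f"({scope or 'no scope'}) -> upgrade to 2.3.32 or 2.5.10.1")
```

To use it on a real project, feed the output of `mvn dependency:list` in place of the sample string. Two caveats a practitioner should keep in mind: the check only sees declared coordinates, so a struts2-core copy shaded into a fat jar or vendored as a loose file in `WEB-INF/lib` will not appear in the listing and needs a file-level scan; and a test-scoped hit still matters if the same artifact version is reachable from any deployed module.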

ADT MAG

September 21, 2016 - 14 DevOps Leaders Join Forces

CloudBees, Sonatype, GitHub, CA Technologies and 10 other IT solutions and service providers have announced that they are forming an alliance with the goal of making it easier for enterprises to adopt the software stack needed to implement DevOps in their organizations.
SD Times

September 15, 2016 - Jenkins World: CloudBees, DevOps Express, Project Blue Ocean, and Undo's Live Recorder

Fourteen DevOps technology leaders announced a new initiative to streamline DevOps adoption at this week’s Jenkins World. The new DevOps Express aims to help answer key questions such as where to start, what a typical DevOps stack looks like, how to learn from others, how to minimize risk, and how to ensure technologies will work together.
Computing

September 15, 2016 - 14 DevOps Vendors Join Forces to Simplify Enterprise Adoption of Best-of-Breed Tools

DevOps Express initiative aims to streamline the way enterprises transform their software development and delivery processes to DevOps.

dotnetpro

September 14, 2016 - Sonatype and CloudBees Launch the DevOps Express Initiative

14 industry leaders have set out to improve customer satisfaction with "battle-tested" native DevOps solutions.
Federal News Radio

August 19, 2016 - Derek Weeks: A Close Look at the Software Supply Chain

The software world is being flooded with open source product. In fact, the federal government has an open-source-first policy. But maybe it's time to stop and think about sources of open source. Where does all that code originate? The software supply chain. That's something Derek Weeks, vice president and DevOps advocate at Sonatype, looks at carefully. He joins Federal Drive with Tom Temin.

GCN

July 22, 2016 - Securing the Open Source Software Supply Chain

What: The 2016 State of the Software Supply Chain report from Sonatype detailing the use of open source components in software. Why: Because 80 to 90 percent of today’s software applications are made of component parts, and increasingly, open source components,  defect rates and security and quality issues abound within the software supply chain. Adopting supply chain automation principles, however, could reduce vulnerabilities.

ADT Mag

July 12, 2016 - Report: 1 in 16 Java Components Contains Security Defects

Sonatype has just released its second annual report on managing open source components. The "2016 State of the Software Supply Chain" report is available now, and well worth reading.
Computerworld

July 11, 2016 - Enterprise Software Developers Continue to Use Flawed Code in Their Applications

Companies that develop enterprise applications download over 200,000 open-source components on average every year -- and one in 16 of those components has security vulnerabilities.

CSO

11 juillet 2016 - Les développeurs de logiciels d’entreprise continuent d’utiliser du code défectueux dans leurs applications

The use of third-party code in enterprise software projects is growing fast, but the used code often has known flaws.

Dive

July 11, 2016 - Report: enterprises are more dependent on open source components and third-party software

The software supply chain is booming and enterprises are frequently turning to open source and third party software components to decrease the amount of code they have to write, which helps accelerate deployment cycles, according to Sonatype’s 2016 State of the Software Supply Chain report released Monday.

esecurity

July 11, 2016 - Application security has room for improvement

Application security suffers from the indiscriminate use of open source software components, finds Sonatype research.

SD Times

July 11, 2016 - State of the Software Supply Chain report

Open-source software is being used more than ever, yet practices for sourcing the software are inefficient and vulnerabilities are pervasive, according to a report from supply-chain automation provider Sonatype.

SD Times

April 13, 2016 - Sonatype launches the new Nexus Universal Repository Manager

Sonatype, the leader in software supply chain automation, today released the latest version of Nexus Repository, adding free support for seven of the most popular software component types. Additionally, Sonatype announced that Nexus Repository has now surpassed 100,000 active installations, including a majority of the Fortune 100, and continues to experience massive growth in usage. 

The Wall Street Journal

February 4, 2016 — Goldman Sachs invests $30 million in Sonatype

Goldman Sachs has led a $30 million investment in software developer Sonatype to help protect the quality of its open source software.

The Washington Post

February 4, 2016 — Maryland tech company receives $30 million from Goldman Sachs

Jackson said helping Goldman with its own software infrastructure led to the financing announced Thursday. If the institution hadn’t been a customer, he says, “they probably never would have found us.”

Fortune

February 4, 2016 — Goldman Sachs invests $30 million in a company that specializes in rebuilding the software supply chain

Don Duet, who co-leads the tech division at Goldman, cited the growing importance of open source code at his company as justification for the deal. “Today, open source components underpin a vast majority of our most mission-critical applications at the firm,” he said in a statement.

TechCrunch

February 4, 2016 — Sonatype receives a $30 million investment from Goldman Sachs

Sonatype, a company that helps customers create automated, policy-driven software component security, announced a $30 million round today led by Goldman Sachs.

CNN Money

December 15, 2015 — The unwritten rules of hacking

Sonatype CTO Josh Corman is featured in a CNN Money news segment from DefCon 2015 in Las Vegas, discussing white hat hacking as a force for good.

Forbes

December 14, 2015 — Safer open source code in the enterprise – Sonatype's Nexus Firewall

Given this new proliferation of open source software components, we are starting to see automation controls come forward to help control these essentially dynamic and constantly developing code bases.

HP Enterprise

November 20, 2015 — Who put security into DevOps?

Josh Corman is featured in a series that covers DevOps, SecOps, and securing the Internet of Things.

PC World

November 13, 2015 — Thousands of Java applications vulnerable to a nine-month-old remote code execution flaw

A popular Java library has a serious vulnerability, discovered over nine months ago, that continues to put thousands of Java applications and servers at risk of remote code execution attacks.

InfoQ

November 13, 2015 — Twistlock and Sonatype partner on container security

Twistlock have also partnered with Sonatype in order to help developers keep vulnerabilities out of the ‘left hand side’ of the image creation process.

Mashable

August 18, 2015 — Every (known) cyberattack on the US government

Federal agencies have suffered at least a dozen major data breaches or network intrusions since 2007. What's troubling is, experts say these are high-tech attacks trending toward an old-fashioned end: Espionage.

Fox Business

August 14, 2015 — Sonatype CTO Josh Corman interviewed on Fox Business News about the recent Verizon phone bill hack

Sonatype CTO Josh Corman is interviewed on Fox Business News about cyber security and recent hacks on vehicles, medical devices and now a Verizon phone bill with a $117,000 charge.

CNBC

August 12, 2015 — CNBC interviews Sonatype CTO Josh Corman about cybersecurity

CNBC interviews Sonatype CTO, Josh Corman, about a suspected Russian attack on the Pentagon with a discussion about the broader implications of cyber security.

Infosecurity Magazine

July 20, 2015 — When good code goes bad

Unlike other industries that rely on supply from other organizations, software development has no clear way to understand when an open source or proprietary component 'part' is found to be defective.

CNET

June 23, 2015 — Warning: programmers are copying security flaws into your software

Programmers -- the people who create the software -- don't write all their code from scratch, instead borrowing freely from others' work. The problem: they're not vetting the code for security problems.

CIO

June 16, 2015 — Software applications contain an average of 24 vulnerabilities from buggy components

Many commercial software companies and enterprise in-house developers are churning out applications that are insecure by design due to the rapid and often uncontrolled use of open-source components.

June 1, 2015 — Sonatype makes it easier to adopt a DevOps approach to application development

Applications are rarely built from scratch today, but rather tend to leverage myriad tools and libraries as organizations increasingly move to a rapid deployment DevOps style of IT.

Software Magazine

May 18, 2015 — Learning by example: what software developers can learn from Toyota about supply chains

Software developers can learn a lot from the example of car manufacturing. Both stand to benefit from reducing the complexity in their supply chains and gaining more control over the parts they use.

Dark Reading

January 23, 2015 — Growing use of open source increases enterprise security risks

The data breaches disclosed earlier this month at Park ‘N Fly and OneStopParking.com, two major airport parking services, highlight the continuing risk that enterprises face from using open-source software in their environments without a plan for managing it.

GCN

January 21, 2015 — Are the open source-based systems you use secure?

The Cyber Supply Chain and Transparency Act of 2014 requires any supplier of software to the federal government to identify which third-party and open source components are used and verify that they do not include known vulnerabilities for which a less vulnerable alternative is available.