SYS-CON MEDIA Authors: Liz McMillan, Yeshim Deniz, Elizabeth White, Pat Romanski, Ian Khan

News Feed Item

80 Percent of the Largest US and European Banks Deploy Sonatype to Address Growing Software Security Threat

Company Continues to Add Top Fortune 500 Customers

FULTON, Md., April 22, 2014 /PRNewswire/ -- Sonatype, a software company that enables developers to easily build software applications while significantly reducing security, compliance, and licensing risks, continues to find its software in high demand.  The company credits this momentum to an increasing awareness of the urgent need to address the risks associated with flawed open source components being used in millions of mission-critical software applications. 

As is often the case when such critical threats emerge, the financial services sector is moving quickly to secure their software applications leveraging Sonatype's Component Lifecycle Management solution.  Many other Fortune 500 companies are following suit.

In addition to 80 percent of the largest US and European banks, leaders in these other key industries have become Sonatype customers:

  • 5 of the top 10 aerospace companies
  • 2 of the top 5 entertainment companies
  • 2 of the top 5 telecommunications companies
  • 2 of the top 5 healthcare insurance companies
  • 2 of the top 5 diversified financials companies
  • 2 of the top 5 network/communications companies
  • 75 percent of the top computer and peripheral companies

"Software runs the world, so it's vital that it runs securely," said Wayne Jackson, CEO of Sonatype.  "The known vulnerabilities in many of the components being employed by software developers are becoming more visible based on the broad damage caused by Struts2 and now the mass awareness of the Heartbleed bug."

"The open source projects continue to do a terrific job quickly addressing newly discovered vulnerabilities, and now more of the enterprises doing component-based development are implementing Component Lifecycle Management to ensure they are using the safest versions," continued Jackson. "Based on the critical risk to the huge number of software applications that make the world's banks and other major corporations work, it's encouraging to see industry leaders tackling this problem head on."

Recognizing this risk, the FS-ISAC (Financial Services Information Sharing and Analysis Center) recently released guidance regarding open source libraries and components.  Specifically, the guidance recommends that financial institutions apply automated policy management and enforcement as well as inventory management for open source libraries used in their application portfolio.

Click here to access the FS-ISAC Third Party Software Security Working Group white paper: Appropriate Software Security Control Types for Third Party Service and Product Providers.

Organizations seeking insight on the component vulnerabilities that may be hidden in their applications can assess their risk with one of Sonatype's complimentary open source assessments at http://www.sonatype.com/resources/risk-assessments.

About Sonatype:

Every day, developers rely on millions of third party and open source building blocks – known as components – to build the software that runs our world.  Sonatype ensures that only the best components are used throughout the software development lifecycle so that organizations don't have to make the tradeoff between going fast and being secure.  Policy automation, ongoing monitoring and proactive alerts makes it easy to have full visibility and control of components throughout the software supply chain so that applications start secure and remain that way over time.  Sonatype is privately held with investments from New Enterprise Associates (NEA), Accel Partners, Bay Partners, Hummer Winblad Venture Partners and Morgenthaler Ventures.   Visit: www.sonatype.com

SOURCE Sonatype

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
17th Cloud Expo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterprises a...
SYS-CON Media announced today that @WebRTCSummit Blog, the largest WebRTC resource in the world, has been launched. @WebRTCSummit Blog offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. @WebRTCSummit Blog can be bookmarked ▸ Here @WebRTCSummit conference site can be bookmarked ▸ Here
Database apps on mobile devices shouldn't stop working when there's limited or no network connectivity. In his session at 16th Cloud Expo, Bradley Holt, a Developer Advocate for IBM Cloudant, will discuss how to bring data stored in a cloud database to the edge of the network (and back again), whenever an Internet connection is available. He will demonstrate techniques for replicating cloud databases with mobile devices in order to build offline-enabled mobile apps that can provide a better,...
SYS-CON Events announced today that Secure Infrastructure & Services will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY, and the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Secure Infrastructure & Services (SIAS) is a managed services provider of cloud computing solutions for the IBM Power Systems market. The company...
Scott Jenson leads a project called The Physical Web within the Chrome team at Google. Project members are working to take the scalability and openness of the web and use it to talk to the exponentially exploding range of smart devices. Nearly every company today working on the IoT comes up with the same basic solution: use my server and you'll be fine. But if we really believe there will be trillions of these devices, that just can't scale. We need a system that is open a scalable and by using ...
In his session at WebRTC Summit, Peter Dunkley, Technical Director at Acision, will look at creating interactive communications via the web by adding messaging, file transfer, and group communication (group chat and audio/video conferencing) into the web experience. He will also discuss potential applications of this technology in areas including B2B, B2C, P2P, and gaming. Peter Dunkley is Technical Director at Acision. He graduated from The University of Edinburgh in 2000 with a BSc (Hons) in ...
The cloud has transformed how we think about software quality. Instead of preventing failures, we must focus on automatic recovery from failure. In other words, resilience trumps traditional quality measures. Continuous delivery models further squeeze traditional notions of quality. Remember the venerable project management Iron Triangle? Among time, scope, and cost, you can only fix two or quality will suffer. Only in today's DevOps world, continuous testing, integration, and deployment upend...
It's time to put the "Thing" back in IoT. Whether it’s drones, robots, self-driving cars, ... There are multiple incredible examples of the power of IoT nowadays that are shadowed by announcements of yet another twist on statistics, databases, .... Sorry, I meant, Big Data(TM), tiered storage(TM), complex systems(TM), smart nations(TM), .... In his session at WebRTC Summit, Dr Alex Gouaillard, CTO and Co-Founder of Temasys, will discuss the concrete, cool, examples of IoT already happening tod...
SYS-CON Events announced today that Site24x7, the cloud infrastructure monitoring service, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Site24x7 is a cloud infrastructure monitoring service that helps monitor the uptime and performance of websites, online applications, servers, mobile websites and custom APIs. The monitoring is done from 50+ locations across the world and from various wireless carr...
What exactly is a cognitive application? In her session at 16th Cloud Expo, Ashley Hathaway, Product Manager at IBM Watson, will look at the services being offered by the IBM Watson Developer Cloud and what that means for developers and Big Data. She'll explore how IBM Watson and its partnerships will continue to grow and help define what it means to be a cognitive service, as well as take a look at the offerings on Bluemix. She will also check out how Watson and the Alchemy API team up to off...
ScriptRock has been included in the list of "Cool Vendors" in the "Cool Vendors in DevOps 2015" report by Gartner, Inc.* ScriptRock provides visibility into the configuration state of an organization's IT environments, enabling the continuous delivery of mission critical services. For enterprises where downtime is not an option, ScriptRock's system-wide overwatch offers the assurance that misconfigurations and anomalies are caught before they affect the business. By satisfying this fundamental ...
Cloud and Big Data present unique dilemmas: embracing the benefits of these new technologies while maintaining the security of your organization's assets. When an outside party owns, controls and manages your infrastructure and computational resources, how can you be assured that sensitive data remains private and secure? How do you best protect data in mixed use cloud and big data infrastructure sets? Can you still satisfy the full range of reporting, compliance and regulatory requirements? In...
Between the compelling mockups and specs produced by your analysts and designers, and the resulting application built by your developers, there is a gulf where projects fail, costs spiral out of control, and applications fall short of requirements. In his session at DevOps Summit, Charles Kendrick, CTO and Chief Architect at Isomorphic Software, will present a new approach where business and development users collaborate – each using tools appropriate to their goals and expertise – to build mo...
Chuck Piluso will present a study of cloud adoption trends and the power and flexibility of IBM Power and Pureflex cloud solutions. Speaker Bio: Prior to Data Storage Corporation (DSC), Mr. Piluso founded North American Telecommunication Corporation, a facilities-based Competitive Local Exchange Carrier licensed by the Public Service Commission in 10 states, serving as the company's chairman and president from 1997 to 2000. Between 1990 and 1997, Mr. Piluso served as chairman & founder of ...
While Docker continues to be the darling of startups, enterprises and IT innovators around the world, networking continues to be a real mess. Indeed, managing the interaction between Docker containers and networks has always been fraught with complications. Without automation in networking, the vision of running Docker at scale and letting IT run the same apps unchanged on the laptop and in the data center or for any cloud cannot be realized.