Alex Handy
October 11, 2012 —  (Page 2 of 3)
Repository medicine
Sonatype, the company behind the open-source Maven project, has taken a new approach to its business in order to address security. Jason van Zyl, founder of Sonatype and creator of the Maven project, said he realized, soon after Wayne Jackson, who has a software security background, joined the company as its new CEO, that Sonatype was in a terrific position to offer security to its users. And so the company has added a security element on top of its offerings.

Maven works by using a central repository for storing verified Java artifacts. That means all the popular libraries, projects, frameworks and code stores are generally available in the Maven Central repository for anyone in the world to use for their builds.

This places Maven at the top of the Java food chain, and van Zyl said that Sonatype is in a unique position to observe all security updates for the entirety of Java. Thus, he said, Sonatype can serve as a security Sherpa for enterprises that use open-source Java components.

“We're purely focused on the third-party open-source component consumption. We've had to make something pretty sophisticated to look into a JAR file or classes,” said van Zyl. He said that not only is Sonatype tracking major security vulnerabilities in Java projects, the company has also released scanning tools to check for open-source code embedded or modified in other programs. This ensures that existing vulnerabilities aren't missed when they exist inside other code.
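The kind of check described above, inventorying the third-party components bundled inside a JAR and comparing them against a list of known-vulnerable versions, can be illustrated with a small scanner. The code below is an added example written for this article, not Sonatype's tooling; it relies on the `META-INF/maven/<groupId>/<artifactId>/pom.properties` files that Maven-built artifacts carry, and the sample JAR, coordinates and "first fixed version" table are constructed placeholders, not real advisories.

```python
import io
import zipfile
from typing import Dict, List, Tuple

# Constructed advisory table: (groupId, artifactId) -> first release without the flaw.
# Placeholder coordinates and versions invented for this example; not real advisories.
FIXED_VERSIONS: Dict[Tuple[str, str], str] = {
    ("com.example", "parser-lib"): "2.4.1",
    ("org.example", "net-utils"): "1.9.0",
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.4.1' into (2, 4, 1) for ordering; non-numeric suffixes are dropped."""
    parts = []
    for piece in v.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def parse_pom_properties(text: str) -> Dict[str, str]:
    """Parse the key=value lines Maven writes into META-INF/maven/*/pom.properties."""
    props: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def inventory_jar(jar_bytes: bytes) -> List[Tuple[str, str, str]]:
    """Return (groupId, artifactId, version) for every Maven component whose
    pom.properties is bundled in the JAR, including shaded/embedded ones."""
    found = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for name in zf.namelist():
            if name.startswith("META-INF/maven/") and name.endswith("/pom.properties"):
                props = parse_pom_properties(zf.read(name).decode("utf-8", "replace"))
                if {"groupId", "artifactId", "version"} <= props.keys():
                    found.append((props["groupId"], props["artifactId"], props["version"]))
    return sorted(found)


def flag_vulnerable(components, fixed=FIXED_VERSIONS):
    """Flag every component whose version predates the first fixed release."""
    flagged = []
    for group, artifact, version in components:
        fixed_in = fixed.get((group, artifact))
        if fixed_in and parse_version(version) < parse_version(fixed_in):
            flagged.append((group, artifact, version, fixed_in))
    return flagged


def build_sample_jar() -> bytes:
    """Construct an in-memory JAR that embeds two third-party components next to
    the application's own class. Sample data only, not a real artifact."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("com/acme/app/Main.class", b"\xca\xfe\xba\xbe")
        zf.writestr(
            "META-INF/maven/com.example/parser-lib/pom.properties",
            "#Generated by Maven\nversion=2.3.0\ngroupId=com.example\nartifactId=parser-lib\n",
        )
        zf.writestr(
            "META-INF/maven/org.example/net-utils/pom.properties",
            "version=1.9.2\ngroupId=org.example\nartifactId=net-utils\n",
        )
        # Shaded classes are relocated under the application's own package, so the
        # package name alone would not reveal the third-party origin.
        zf.writestr("com/acme/app/shaded/example/Parser.class", b"\xca\xfe\xba\xbe")
    return buf.getvalue()


def scan_sample():
    """Inventory the constructed JAR and return the components needing an update."""
    return flag_vulnerable(inventory_jar(build_sample_jar()))


if __name__ == "__main__":
    for group, artifact, version, fixed_in in scan_sample():
        print(f"{group}:{artifact}:{version} predates first fixed version {fixed_in}")
```

The limitation worth noting is that `pom.properties` survives only when the build kept it; a component that was repackaged by hand or stripped of its metadata will not be found this way, which is why van Zyl's remark about looking into the classes themselves matters: production scanners fall back to fingerprinting the class files rather than trusting declared coordinates.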

How does Sonatype stack up against traditional security-scanning companies? “They're focused on scanning your code, we are focused on working with the third-party open-source binaries we download,” said van Zyl. “As far as we can tell, our customers’ application development has essentially become component assembly, we've seen [that] upward of 80% of it is open-source components, or higher. Then there's the small bit of business code you're writing that adds value.”

Commercial accountability
While Sonatype is focused on ensuring the security of existing open-source components, and alerting users when they need to update a vulnerable library, SaaS code-scanning company Veracode is taking on matters from the other side of the fence. While Veracode cut its teeth scanning binaries for security holes, it's now offering to scan third-party applications for a fee as well.
