Why High-Quality Data is Critical for Effective Software Composition Analysis

To understand a company, there's no one better to talk to than its customers. That's why Sonatype connected with IT Central Station to get insights from their membership on how they actually feel about Sonatype's products. This is the first in a series of articles that draws on real user experiences with Nexus Lifecycle and Nexus Firewall to explore how next-generation Software Composition Analysis (SCA) solutions enable greater developer productivity.

Up first – the importance of data quality. A secure software supply chain requires accurate, timely SCA data for all stakeholders, and higher quality data means greater confidence that real vulnerabilities will be recognized. With this, everyone involved in the development process can spend less time addressing false positives.

Faster Issue Resolution

Nexus Lifecycle users leverage its data to learn about new open source vulnerabilities faster, which expedites problem-solving.

“The data quality is really good,” explained Russell W., a VP and senior manager at a financial services firm. “They’ve got some of the best in the industry as far as that is concerned. As a result, it helps us to resolve problems faster. The visibility of the data, as well as their features that allow us to query and search – and even use it in the development IDE (integrated development environment) – allow us to remediate and find things faster.”

A product strategy group director at a tech services company agreed, saying: “We don’t have masses of false positives. Overall, the data quality helps us solve problems faster.”

For Wes K., a senior DevOps engineer at an insurance company, using Nexus Lifecycle meant not having any issues. He was able to resolve issues and get answers to the developers quickly.

Security Analyst Ryan C. gave us additional detail: “I can pull up a library (Read more...)

