“Each for Equal”: 2020 International Women’s Day Theme Resonates in DevSecOps Because It Is a Business Issue

“Equality is not a women's issue, it's a business issue.” -- International Women’s Day website

International Women’s Day began in America in 1911; today, millions of people around the globe mark March 8 as a day of action to support gender equality and human rights. This year’s theme, “Each for ... Read More

Nexus Innovator: Ken D’Auria of The Hartford

DevSecOps is such a new and evolving practice that it is helpful to hear from someone who can articulate, “Yes. DevSecOps works in theory and in practice.” In this Innovator edition, Ken D’Auria, Director of Engineering at The Hartford, describes a four-part DevSecOps evolution that may sound familiar to others ... Read More

Gartner: You Must Assess Overall Software Health and Welfare

Gartner’s recent report, Technology Insight for Software Composition Analysis, makes four open-source security recommendations that companies should think about when determining what type of software composition analysis program they want to have. From the need for a software bill of materials, to the importance of a hardened software supply chain ... Read More

Nexus Innovator: David Radford-Grant of Achievers

Everyone knows that when the boss is happy, you’re happy. David Radford-Grant knows more about this than the average person, and for good reason. He is someone with a unique view into employee moods and behavior. That’s because, as Manager of DevOps Engineering at Achievers, he builds and refines an ... Read More

Gartner: The Crucial Role of OSS License Compliance

Gartner’s report, Technology Insight for Software Composition Analysis, makes four recommendations to improve software security. The first is to ensure a software bill of materials (or SBOM) exists for every software application; an SBOM illuminates all component parts and assists with rapid remediation, when necessary. The second recommendation is to ... Read More

Gartner: Mitigate Risk By Hardening the Software Supply Chain

When molten steel is immersed in water it transforms into one of the world’s strongest materials. A resilient software supply chain is no different. Hardened steel requires combining alloys; a hardened software supply chain requires combining specialized tools “to examine both internally and externally sourced code” that reinforce, remediate, and ... Read More

Nexus Innovator: Jasmine James of Delta

Previously, Jasmine James explained how she rolled out Sonatype at Delta Airlines. Today, she gives us a deeper glimpse into her career - How did she discover Nexus? How can others follow a similar path? Learn from this DevSecOps leader ... Read More

Why You Need a Software Bill of Materials More Than Ever

Imagine that a new vulnerability in lodash was just announced. Applications using the npm package are being exploited through large-scale automated DoS attacks. You need to act quickly to understand if your organization’s systems are at risk. You need to figure out if any of your 6,000 applications are ... Read More

“This is the New Op Model” – Why State Farm Sponsored ADDO, and the Results

Sonatype is among the many supporters of All Day DevOps (ADDO), the world’s largest conference for DevOps practitioners. Close to 40,000 people attended this year’s 24-hour event -- and 10% of them were from one company. We spoke with Kevin ODell of State Farm, the event’s largest underwriting sponsor, to ... Read More

Deloitte Names Sonatype in ‘Technology Fast 500’ for Fourth Consecutive Year

If the topic is speed, the subject is Sonatype. This week, Sonatype received another recognition in the form of Deloitte’s Technology Fast 500™ ranking, our fourth year on the list. The list recognizes the fastest growing technology, media, telecommunications, life sciences and energy tech companies in North America. We ranked ... Read More