Sonatype expands firewall to stop dev vulnerabilities
|Christian Hargrave in Security Friday, March 9, 2018|
New developer security solution announced to stop open source vulnerabilities from happening to your projects.
The State of the Software Supply Chain Report revealed that in 2016 7.2% (1 in 14) of open source components downloaded to repository managers contained a known security vulnerability. Companies with non-existent or manual governance processes are prone to vulnerable open source components making their way into production web applications, dramatically increasing the risk of data breaches.
“All developers love using open source components to accelerate innovation - but none of them want to unwittingly introduce security vulnerabilities into their application”, said Brian Fox, CTO of Sonatype. “Nexus Firewall automatically stops defective open source components from reaching developers - which eliminates risk at the earliest stage of the development life cycle. The results have been incredible. Within the first 90 days of using Nexus Firewall, one customer automatically prevented 1,500 vulnerable components from entering their development lifecycle and eliminated 34,000 hours of manual reviews.”
“Rather than wait until an application is assembled to scan and identify these known vulnerabilities, why not address this issue at its source by warning developers not to download and use these known vulnerable components (and in cases of serious vulnerabilities, block the download)?”, wrote Gartner analysts Neil MacDonald and Ian Head in their 3 October 2017 report, 10 Things to Get Right for Successful DevSecOps. “To address this issue, some providers offer an ‘OSS firewall’ (Sonatype Nexus Firewall) to expose the security posture of libraries to developers to make educated decisions about which versions to use. Using this approach, the developer can explicitly block downloads of components and libraries with known severe vulnerabilities (for example, based on the severity of the CVE assigned).”
Are you paying more taxes than you have to as a developer or freelancer? The IRS is certainly not going to tell you about a deduction you failed to take, and your accountant is not likely to take the time to ask you about every deduction you’re entitled to. As former IRS Commissioner Mark Everson admitted, “If you don’t claim it, you don’t get it.
Get hands-on experience in performing simple to complex mobile forensics techniques Retrieve and analyze data stored not only on mobile devices but also through the cloud and other connected mediums A practical guide to leveraging the power of mobile forensics on popular mobile platforms with lots of tips, tricks, and caveats.
Write and run code every step of the way, using Android Studio to create apps that integrate with other apps, download and display pictures from the web, play sounds, and more. Each chapter and app has been designed and tested to provide the knowledge and experience you need to get started in Android development.