Saturday, January 25, 2014



The tide is turning. OWASP A9 (Using Components with Known Vulnerabilities) is further recognition that modern applications are constructed primarily of components. In our recent survey of 3,500 developers, managers and architects who use open source, 86% of participants said that the applications they build today are at least 80% open source. OWASP A9 highlights the risks that come with the widespread use of open-source components with known security vulnerabilities in modern application development.
Jeff Williams, CEO of Aspect Security and a long-time member of OWASP, puts a fine point on the challenge: "The performance, time and cost advantages of agile, open-source development come at a price: you have to ensure the components you use are up-to-date and secure." "Unfortunately, it's not trivial to figure out what components your applications are using, and even harder to figure out which vulnerabilities apply to those components." "The new OWASP Top Ten has detailed recommendations for locking down your software supply chain, and Sonatype's tools make them much easier."
So why should managing and securing components be a priority? Simply put, components have become a rich attack vector because of their pervasive reuse: the same reuse that makes it easy for an attacker to propagate one attack across many applications and organizations, since a single vulnerable version is pulled into every build that depends on it.
OWASP provides a set of best-practice recommendations, including:
- Identify the components and their versions you are using, including all (transitive) dependencies.
- Monitor the security of these components in public databases, project mailing lists and security mailing lists, and keep them up to date.
- Establish security policies governing component use, such as requiring certain software development practices, passing security tests, and acceptable licenses.
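As an added example (not Sonatype's code and not part of the original post), the following Python script carries out the three steps above as a build-time policy gate. It parses a constructed sample of `mvn dependency:list` output to identify every resolved component and version, checks each against a hypothetical advisory feed, and applies a license allow-list. The coordinates under org.example and com.example.legacy, the advisory identifiers ADV-0001 and ADV-0002, and the license table are placeholders invented for the example; the version ordering is a simplified stand-in for Maven's ComparableVersion rules (numeric segments compared numerically, any qualifier such as -SNAPSHOT sorting below the plain release).

```python
"""Dependency inventory, advisory check and license policy over Maven output.

Added example: the sample build output, advisory feed and license table are
constructed for illustration and do not describe real components.
"""
import re
from dataclasses import dataclass

# Constructed sample of `mvn dependency:list` output (not from a real build).
SAMPLE_MVN_OUTPUT = """\
[INFO] --- maven-dependency-plugin:2.8:list (default-cli) @ demo-app ---
[INFO]
[INFO] The following files have been resolved:
[INFO]    org.example:widget-parser:jar:1.4.2:compile
[INFO]    org.example:widget-core:jar:2.0.0:compile
[INFO]    com.example.legacy:xml-utils:jar:0.9.1:compile
[INFO]    junit:junit:jar:4.11:test
[INFO]    org.hamcrest:hamcrest-core:jar:1.3:test
[INFO]
[INFO] BUILD SUCCESS
"""

# Hypothetical advisory feed keyed by groupId:artifactId.  Each entry names
# the first fixed version; anything older is treated as affected.
ADVISORIES = {
    "org.example:widget-parser": [("ADV-0001", "1.4.3")],
    "com.example.legacy:xml-utils": [("ADV-0002", "1.0.0")],
}

# Hypothetical license metadata; a component missing here is "UNKNOWN",
# which the policy below rejects on purpose.
LICENSES = {
    "org.example:widget-parser": "Apache-2.0",
    "com.example.legacy:xml-utils": "GPL-3.0",
    "junit:junit": "EPL-1.0",
    "org.hamcrest:hamcrest-core": "BSD-3-Clause",
}
ALLOWED_LICENSES = {"Apache-2.0", "MIT", "EPL-1.0", "BSD-3-Clause"}

# groupId:artifactId:type[:classifier]:version:scope as printed by the plugin
DEP_LINE = re.compile(
    r"^\[INFO\]\s+(?P<group>[\w.\-]+):(?P<artifact>[\w.\-]+):(?P<type>[\w\-]+)"
    r"(?::(?P<classifier>[\w.\-]+))?:(?P<version>[\w.\-]+):(?P<scope>\w+)\s*$"
)


@dataclass(frozen=True)
class Dependency:
    group: str
    artifact: str
    version: str
    scope: str

    @property
    def ga(self) -> str:
        return f"{self.group}:{self.artifact}"


def parse_dependency_list(text: str) -> list[Dependency]:
    """Step 1: inventory every resolved component, transitive ones included."""
    deps = []
    for line in text.splitlines():
        m = DEP_LINE.match(line)
        if m:
            deps.append(Dependency(m["group"], m["artifact"], m["version"], m["scope"]))
    return deps


def version_key(version: str):
    """Simplified Maven-style ordering: numeric segments, then qualifier."""
    nums, qualifier = [], []
    for part in re.split(r"[.\-]", version):
        if part.isdigit() and not qualifier:
            nums.append(int(part))
        else:
            qualifier.append(part)
    while nums and nums[-1] == 0:      # 1.4 == 1.4.0
        nums.pop()
    # A qualified version (1.0-SNAPSHOT) sorts below the plain release (1.0).
    return (nums, 0 if qualifier else 1, "-".join(qualifier))


def find_vulnerable(deps, advisories, runtime_only=True):
    """Step 2: flag components older than the fixed version in an advisory."""
    findings = []
    for dep in deps:
        if runtime_only and dep.scope == "test":
            continue                   # test-only code never ships
        for adv_id, fixed_in in advisories.get(dep.ga, []):
            if version_key(dep.version) < version_key(fixed_in):
                findings.append((dep.ga, dep.version, adv_id, fixed_in))
    return findings


def find_license_violations(deps, licenses, allowed):
    """Step 3: enforce the license policy; unknown licenses are rejected."""
    return [
        (dep.ga, dep.version, licenses.get(dep.ga, "UNKNOWN"))
        for dep in deps
        if licenses.get(dep.ga, "UNKNOWN") not in allowed
    ]


def check_policy(text: str) -> dict:
    deps = parse_dependency_list(text)
    return {
        "components": [f"{d.ga}:{d.version}" for d in deps],
        "vulnerable": find_vulnerable(deps, ADVISORIES),
        "license_violations": find_license_violations(deps, LICENSES, ALLOWED_LICENSES),
    }


if __name__ == "__main__":
    report = check_policy(SAMPLE_MVN_OUTPUT)
    for key, rows in report.items():
        print(key)
        for row in rows:
            print("   ", row)
    # Non-zero exit makes a CI job fail on any policy breach.
    raise SystemExit(1 if report["vulnerable"] or report["license_violations"] else 0)
```

In a real pipeline the advisory feed would come from a vulnerability database or a repository manager rather than an inline dictionary, and the script would read the saved output of `mvn dependency:list` instead of the embedded sample; the structure of the gate (inventory, match against advisories, apply policy, fail the build) stays the same.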
Sonatype CLM goes beyond these recommendations and is designed to manage the entire component lifecycle. CLM integrates security, licensing and quality information about components directly into the tools developers already use (repository manager, IDE, build/CI environment), provides early and quick remediation capabilities, and continuously monitors your production applications.

