The Golden Repository of Yesterday is NOT the Answer

The Golden Repository - sounds good in theory. It ensures developers only use components vetted by their security, legal and architecture teams. But does it really work? A Golden Policy that ‘inspects all of your components all of the time’ is what you need. Learn how automated policies can guide and govern component usage while speeding development efforts.
Recorded Feb 12 2014 45 mins
Presented by
Brian Fox; VP of Product Management, Sonatype
  • Continuous Acceleration with a Software Supply Chain Approach Recorded: Apr 30 2015 61 mins
    Gene Kim, CTO, Researcher, Author and Josh Corman, CTO, Sonatype
    Join Gene Kim, CTO, researcher and author of the best-selling book “The Phoenix Project” and Josh Corman, Sonatype CTO and co-founder of Rugged Software as they discuss how high performing organizations are applying proven supply chain principles to accelerate software delivery.
  • Strengthen Cyber Resilience with Software Supply Chain Visibility Recorded: Mar 11 2015 52 mins
    Joe Jarzombek, Director of Software Assurance at DHS & Joshua Corman, CTO at Sonatype
    Our dependence on software continues to grow, powering some of our nation’s most critical infrastructure. To secure our cyber assets, we need to apply high standards to our software suppliers as well as the third party parts built into our software. Join the discussion on:

    • How open source and component-based development is driving the need for a software supply chain
    • Techniques and technologies used to vet software suppliers and components
    • The role of potential legislation in managing software risk
  • Accelerating Continuous Delivery by Improving NuGet Component Management Recorded: Jan 23 2015 39 mins
    Marcel de Vries
    Use of repository managers in continuous delivery environments has been shown to reduce build times 20-fold compared to relying on public open source repositories like the NuGet Gallery. By relying on a local caching proxy for the NuGet Gallery and hosting your own proprietary NuGet packages locally, you can dramatically improve build speeds and reliability.

    In this session, we also show how a repository manager that integrates with NuGet helps .NET developers manage component versions, dependencies and license types using proxy facilities to ensure a continuous flow of development and faster cycle times. Learn how to integrate Sonatype Nexus into your continuous delivery strategy and benefit from a frictionless experience for all developers.
  • Media Powerhouse Achieves Continuous Development and Open Source Governance Recorded: Oct 22 2014 60 mins
    Nigel Simpson, Director of Architecture in the Media and Entertainment Industry
    Are you using open source software components to achieve continuous development and faster cycle times? Does your need for speed conflict with your organization’s open source policies and processes? Hear from Nigel Simpson, Director of Architecture at a major media industry powerhouse on how they built a ‘developer centric’ open source governance strategy that balanced the goals of both development and security.
  • Sonatype Product Roadmap Revealed: In Depth Open Source Risk Management Recorded: Sep 25 2014 57 mins
    Brian Fox, VP of Product Management, Sonatype
    For years, development teams and now security professionals have looked to Sonatype for better management of open source and third party components across the software supply chain. Join our live product roadmap discussion on September 25th to learn more about our commitment to helping you achieve real business value from your enterprise applications more quickly, with efficiency, quality and security addressed across the software lifecycle. See how new product advancements for more component languages, a consolidated risk management dashboard and expanded integration points across the SDLC can bring enterprise-class component management to your development operations.
  • 2014 Open Source and Application Security Survey Results Recorded: Jun 18 2014 62 mins
    Adrian Lane; CTO & Analyst, Securosis and Brian Fox; VP of Product Management, Sonatype
    Over 3,300 participated! The final results of our 4th Annual Open Source and Application Security Survey are in. Adrian Lane from Securosis and Brian Fox from Sonatype provide a detailed breakdown of the findings from a developer and an application security perspective. They discuss policies, practices, and breaches as well as how organizations can use these results to create constructive conversations to feed their open source security management practices.
  • Lessons Learned from Heartbleed, Struts and the Neglected 90% Recorded: May 1 2014 60 mins
    Wendy Nather; Security Research Director, 451 Research and Josh Corman; CTO, Sonatype
    Watch this insightful and witty discussion between two old pals, Wendy Nather, Security Research Director at 451 Research and Josh Corman, CTO at Sonatype on the state of application security today. They share their perspectives on the changing landscape of application development and how this is impacting common application security approaches. They agree the dramatic shift from source code to component based development has created an open source security gap. With component vulnerabilities becoming national news, Heartbleed, Struts and the promise of more to come, now is the time for new strategies and tools to address the risks.
  • FS-ISAC's New Controls for Managing Risk from Open Source Libraries & Components Recorded: Apr 9 2014 63 mins
    Jim Routh; CISO, Aetna and Joshua Corman; CTO, Sonatype
    In December of 2013, the FS-ISAC Third Party Software Security Working Group released new controls to manage risk associated with open source libraries and components. These controls recommend financial institutions apply policy management and enforcement as well as inventory management for open source libraries and components used in their application portfolio. This webinar features Jim Routh, Aetna's Chief Security Officer and Joshua Corman, Sonatype's Chief Technology Officer sharing best practices for establishing an effective governance approach across the software supply chain.
  • New PCI Requirements for Component Security (Case Study) Recorded: Mar 12 2014 53 mins
    Monika Liikamaa; Director of Card Solutions, Crosskey
    With 12 major requirement categories and more than 250 individual requirements, PCI compliance has always been a challenge. Now that PCI and the OWASP Top 10 have been updated to address the use of vulnerable components in applications, companies have a new challenge to deal with. Listen to Monika Liikamaa, Director of Crosskey Card Solutions, as she shares best practices to consider when preparing your PCI Compliance efforts as well as how Crosskey was able to achieve full PCI Compliance for component security in just 6 weeks.
Content designed for security & application development professionals
Sonatype makes it easy to build trusted software and keep it that way over time. If your organization develops applications, you are using third party and open source software components. Today's software is built with a supply chain of components from all over the globe. The challenge is knowing exactly which components you are using, where they are used and which ones are known to have security vulnerabilities or license and quality issues. Current application security approaches can't scale to meet the demands of modern software development. Sonatype Component Lifecycle Management (CLM) provides a new way to identify, manage and monitor every component and its dependencies throughout the software lifecycle. CLM enables organizations to realize the promise of agile, component-based software development while avoiding security, quality and licensing risks.