Wayne Jackson's Presentation at RSA 2012

Speaker notes:

  • That awareness is vital, in part because the open source ecosystem has no notification infrastructure. Imagine your desktop without auto-update. Imagine digging through thousands of web sites, sifting through release notes, searching for security bulletins, tracking down critical fixes.
  • And the ecosystem affected by this condition is vast: more than 80% of modern software is open source, and the typical organization uses thousands of these often complex components.
  • The compounding reality is that when issues do arise, the effects are viral, while the fixes are not. For example, patching Spring 2.5.6 did nothing to fix the 1,447 components that it compromised, or the untold numbers of downstream applications that used them.
  • The result is situations like this: 6,982 organizations, including global financial institutions and the Department of Homeland Security, are actively using a three-year-old crypto library with a remotely exploitable, bad-as-it-gets security flaw with published exploit code. [Pause to let this sink in.]
  • Sonatype is focused obsessively on creating order amidst this chaos, developing an extraordinary capacity for bridging critical awareness gaps. First, building sophisticated infrastructure for mining virtually everything knowable about a given software component. And, second...
  • A platform for delivering knowledge directly into the tools that developers and development managers use every day. That platform, Sonatype Insight, enables organizations to govern development processes, to continuously monitor the health of their repositories, and to retrieve real-time alerts when critical applications are affected by newly discovered threats.
  • So... today, we have a vital, frighteningly complex ecosystem with viral issue propagation and no notification infrastructure. Tomorrow will be a lot less frightening. The launch of Insight is happening as we speak. Pre-launch activities have generated more than 300 customers, and over the next few months we expect thousands of others to join them. A significant advance, we hope, in the state of software integrity and application security.
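The "issues are viral, fixes are not" point in the notes above comes down to how transitive dependencies resolve: a consumer that pins an old version of an intermediate library keeps pulling in the flawed component no matter how many fixed releases the library publishes upstream. The following is an added illustration, not code from the presentation or from Sonatype; it walks a constructed, hypothetical dependency graph (all artifact names and versions are made up) to find every component that transitively consumes a flawed artifact, which applications at the top of the graph are still exposed after a fixed release exists, and through which intermediate dependency each exposed application is pulling the flaw in.

```python
from collections import deque

# Constructed sample graph (hypothetical names, not from the slides). Each node is
# "artifact:version"; edges point at the exact versions a component declares.
# crypto-lib:1.0 is the flawed release, crypto-lib:1.1 the fix. Only web-framework
# has republished against the fix, and only portal-app has picked that release up.
DEPS = {
    "crypto-lib:1.0": [],
    "crypto-lib:1.1": [],
    "web-framework:2.5.6": ["crypto-lib:1.0"],
    "web-framework:2.5.7": ["crypto-lib:1.1"],
    "orm-toolkit:3.2": ["crypto-lib:1.0"],
    "billing-service:1.4": ["web-framework:2.5.6", "orm-toolkit:3.2"],
    "portal-app:7.0": ["web-framework:2.5.7"],
    "reporting-app:2.1": ["billing-service:1.4"],
}


def closure(deps, root):
    """Every artifact reachable from root by following declared dependencies (BFS)."""
    seen, queue = set(), deque(deps.get(root, []))
    while queue:
        node = queue.popleft()
        if node in seen:
            continue
        seen.add(node)
        queue.extend(deps.get(node, []))
    return seen


def consumers_of(deps, target):
    """All artifacts whose transitive closure contains target: the 'viral' spread."""
    return {node for node in deps if target in closure(deps, node)}


def top_level_apps(deps):
    """Nodes nobody depends on, i.e. the deployable applications in the graph."""
    depended_on = {child for children in deps.values() for child in children}
    return {node for node in deps if node not in depended_on}


def exposed_apps(deps, flawed):
    """Applications still shipping the flawed artifact, fixed release or not."""
    return top_level_apps(deps) & consumers_of(deps, flawed)


def pull_in_paths(deps, root, target, _path=None):
    """Every dependency chain from root down to target. The second element of each
    chain is the direct dependency that must be bumped before root stops shipping target."""
    path = (_path or []) + [root]
    if root == target:
        return [path]
    paths = []
    for child in deps.get(root, []):
        if child in path:  # guard against a cyclic graph
            continue
        paths.extend(pull_in_paths(deps, child, target, path))
    return paths


if __name__ == "__main__":
    flawed, fixed = "crypto-lib:1.0", "crypto-lib:1.1"
    print("consumers of flawed release:", sorted(consumers_of(DEPS, flawed)))
    print("consumers of fixed release:  ", sorted(consumers_of(DEPS, fixed)))
    for app in sorted(exposed_apps(DEPS, flawed)):
        print(f"{app} is still exposed via:")
        for chain in pull_in_paths(DEPS, app, flawed):
            print("   " + " -> ".join(chain))
```

Run stand-alone, the script reports that four artifacts consume the flawed release while only two consume the fix, and that reporting-app is exposed through two separate chains (one via web-framework 2.5.6 and one via orm-toolkit 3.2), so bumping a single dependency would not be enough; that is the kind of per-application view the notes say the ecosystem lacks.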

Slides:

    1. From the authors of Maven, Nexus, m2eclipse and other leading technologies. The Sorry State of Application Security. Wayne Jackson, Chief Executive Officer. Used by 80,000 organizations worldwide.
    2. Central: Where Open Source Lives. Sonatype.
    3. Ecosystem Lacks Change Awareness. (Slide fragments: WE DON'T KNOW ABOUT / WE CAN BELIEVE IN.) 14,334 components were updated in 2011; on average, 400 updates per day.
    4. Component Dependencies are Complex. 80% of modern software is open source. The Global 2000 average more than 1,000 unique components per month.
    5. Issues are Viral... 1,447 projects contain the flawed component ...the Fixes are NOT.
    6. Houston, We Have a Problem! In the last year: 6,982 organizations; crypto library; level 10 flaw; 3 years after fix.
    7. Event-Driven Knowledge Engine. (Diagram labels: License Detail, Update Events, Knowledge, Project Detail, Component Detail, Consumption Events, Consumption Metadata Events, Flaw Update Correlation Detail, Reason Creation, The Central Repository, Public & Private Component Usage Events, Metadata Resources.)
    8. Delivering Knowledge. In Context. Sonatype Insight.
    9. Sonatype: Transforming Software Integrity. Started: Q3 2010. Insight pre-launch: Q4 2011. Insight launch: RSA 2012. Already, more than 300 customers.
    10. From the authors of Maven, Nexus, m2eclipse and other leading technologies. Thank You! Used by 80,000 organizations worldwide.