Sonatype Acquires Vor Security
July 11, 2017

Sonatype has acquired Vor Security.

Ken Duck, founder and CEO of Vor will join the product and engineering team at Sonatype to continuously expand and refine the open source component intelligence service that underpins the Nexus platform.

As founder and CEO of Vor, Duck created the OSS Index, an innovative and free online index of known open source software vulnerabilities. Today, the index contains more than 2.1 million packages and detailed information on more than 120,000 vulnerabilities across an array of open source ecosystems.

Sonatype also introduced Nexus Lifecycle XC, a new data service delivered via the Nexus IQ server that will provide organizations with component intelligence covering a wide swath of open source ecosystems and formats including Ruby, PHP, Swift, CocoaPods, Golang, C, and C++.

Compared to the precisely accurate open source intelligence offered by Nexus Lifecycle for Java, JavaScript, NuGet, and PyPI -- traditional vendors of Software Composition Analysis (SCA) tools have long provided commodity open source intelligence across a broad spectrum of ecosystems.

Over time, organizations have come to value the unique accuracy of Nexus Lifecycle data for Java, JavaScript, NuGet, and PyPI; but they still require open source intelligence for a wide variety of other ecosystems. Beginning today, Sonatype is delivering a win-win intelligence engine that combines the depth of Lifecycle data for machine automated open source controls with the breadth of Lifecycle XC data for foundational open source governance.

“Empowering software development teams with broad and precise visibility into the open source supply chain is critical to practicing proper application security hygiene. Sonatype’s world-class team has led the way in bringing remarkably accurate component intelligence to the forefront of the DevOps movement, and I am excited to join forces with their amazing team and continue the journey,” said Ken Duck, CEO of Vor Security.

“Since its introduction in 2012, Nexus Lifecycle has seen tremendous acceptance in the market because it provides remarkably precise and accurate intelligence with respect to open source components across Java, JavaScript, NuGet, and PyPI. While enterprise customers, especially those practicing DevOps, place a premium value on the accuracy and precision of our Nexus Lifecycle data, they also need intelligence for a wide variety of other formats and ecosystems. The combination of Lifecycle and Lifecycle XC gives customers the best of both worlds -- a premium intelligence service that fully automates enforcement of open source policies inside of a DevOps pipeline, plus a stock data intelligence service to inform basic hygiene for all other ecosystems,” said Wayne Jackson, CEO of Sonatype.

The Latest

July 20, 2017

Financial services organizations are high value targets for cyber criminals all over the world. Because of this, it is imperative that the keys and certificates used by financial service DevOps teams are properly protected. If not, bad actors can easily exploit cryptographic assets and wreak havoc on sensitive corporate data, all while remaining undetected ...

July 18, 2017

In the last year, businesses around the globe significantly increased their use of open source and although they readily acknowledge growing concerns about open source-related security and operational risks, the effective management of open source is not keeping pace with the increase in use ...

July 17, 2017

A Forrester survey confirmed what high-performance organizations have already said – DevOps is here to stay. Diving into the details, however, the study also shows that the DevOps journey may be in for a rude awakening. Companies in all industries are embracing DevOps for superior productivity, but many organizations struggle to overcome barriers that prevent them from translating these programs into improved business results ...

July 14, 2017

Despite the pervasive belief that security and development teams have conflicting priorities, initiatives such as creating DevOps environments and focusing on product innovation have the two teams aligned toward a common goal of creating secure software, according to a new study from Veracode ...

July 12, 2017

Gartner, Inc. highlighted the top technologies for information security and their implications for security organizations in 2017 ...

July 10, 2017

DevOps practices lead to higher IT performance, according to the 2017 State of DevOps report This higher performance delivers improved business outcomes, as measured by productivity, profitability, and market share ...

June 28, 2017

Why Agile? DEVOPSdigest asked the experts for their opinions on what are the most important advantages of being Agile. Part 5, the final installment, covers how Agile improves product quality and the customer experience ...

June 26, 2017

Why Agile? DEVOPSdigest asked the experts for their opinions on what are the most important advantages of being Agile. Part 4 covers how Agile impacts team productivity ...

June 23, 2017

Why Agile? DEVOPSdigest asked the experts for their opinions on what are the most important advantages of being Agile. Part 3 covers how Agile enables you to grow and adapt to change ...

June 21, 2017

Why Agile? DEVOPSdigest asked the experts for their opinions on what are the most important advantages of being Agile. Part 2 is all about speed ...

Share this