Sonatype Acquires Vor Security
July 11, 2017

Sonatype has acquired Vor Security.

Ken Duck, founder and CEO of Vor will join the product and engineering team at Sonatype to continuously expand and refine the open source component intelligence service that underpins the Nexus platform.

As founder and CEO of Vor, Duck created the OSS Index, an innovative and free online index of known open source software vulnerabilities. Today, the index contains more than 2.1 million packages and detailed information on more than 120,000 vulnerabilities across an array of open source ecosystems.

Sonatype also introduced Nexus Lifecycle XC, a new data service delivered via the Nexus IQ server that will provide organizations with component intelligence covering a wide swath of open source ecosystems and formats including Ruby, PHP, Swift, CocoaPods, Golang, C, and C++.

Compared to the precisely accurate open source intelligence offered by Nexus Lifecycle for Java, JavaScript, NuGet, and PyPI -- traditional vendors of Software Composition Analysis (SCA) tools have long provided commodity open source intelligence across a broad spectrum of ecosystems.

Over time, organizations have come to value the unique accuracy of Nexus Lifecycle data for Java, JavaScript, NuGet, and PyPI; but they still require open source intelligence for a wide variety of other ecosystems. Beginning today, Sonatype is delivering a win-win intelligence engine that combines the depth of Lifecycle data for machine automated open source controls with the breadth of Lifecycle XC data for foundational open source governance.

“Empowering software development teams with broad and precise visibility into the open source supply chain is critical to practicing proper application security hygiene. Sonatype’s world-class team has led the way in bringing remarkably accurate component intelligence to the forefront of the DevOps movement, and I am excited to join forces with their amazing team and continue the journey,” said Ken Duck, CEO of Vor Security.

“Since its introduction in 2012, Nexus Lifecycle has seen tremendous acceptance in the market because it provides remarkably precise and accurate intelligence with respect to open source components across Java, JavaScript, NuGet, and PyPI. While enterprise customers, especially those practicing DevOps, place a premium value on the accuracy and precision of our Nexus Lifecycle data, they also need intelligence for a wide variety of other formats and ecosystems. The combination of Lifecycle and Lifecycle XC gives customers the best of both worlds -- a premium intelligence service that fully automates enforcement of open source policies inside of a DevOps pipeline, plus a stock data intelligence service to inform basic hygiene for all other ecosystems,” said Wayne Jackson, CEO of Sonatype.

The Latest

August 15, 2017

A common belief within DevOps circles is that automation not only enables greater frequency of delivery and deployment, but improves its overall success rate. Whenever manual intervention is required, the chances of errors creeping in increases. Human error is a significant factor in many an outage, after all ...

August 14, 2017

DevOps and NetOps are both far more generous in their opinion of the other with respect to prioritization of efforts than traditional archetypes purport them to be, and they have a lot in common – even though they may disagree on details – according to a new survey by F5 ...

August 10, 2017

Only 12 percent of organizations can claim that their whole organization is on the path to business agility even though more than two thirds of survey participants agreed that agile organizations are better able to quickly respond to dynamic business conditions, according to a new survey from CA Technologies ...

August 09, 2017

Alongside its clear benefits, DevOps brings unique challenges when developing and operating a mobile environment. Mobile app developers and development teams face a unique set of requirements relating to collaboration, testing, and release. Technology fragmentation, disparate back-end systems, updates that require user action, and poor instrumentation can impede the DevOps process and become critical roadblocks to agile mobile development, ultimately impacting app retention and the bottom line ...

August 07, 2017

A crashing app might be a deal breaker, no matter how heavy the load that an alternative website entry point can handle would be. It is all about quickly verifying compliance against key functional and non-functional requirements in order to meet aggressive release schedules as part of the Go-to-market strategy. This means positioning unit testing, UI testing, API testing, and, of course, performance and load testing — as pillars of SDLC ...

August 03, 2017

Most software developers make themselves easy targets for hackers, even when they are behind a corporate firewall, according to a new survey from Netsparker Ltd. ...

August 01, 2017

Your top priority is to improve application development agility, but you may run into roadblocks put up by a security team that (mistakenly) believes speed is the enemy of effective cybersecurity. A new survey finds a majority of enterprises are working to overcome those roadblocks by integrating security into their existing DevOps methodology ...

July 31, 2017

Agile development compresses software testing cycles, jeopardizing risk coverage and opening the door for software failures. Here's what you can do ...

July 27, 2017

While 75 percent of organizations highlight continuous testing as critical or important, only a minority of survey respondents have made exceptional progress acquiring the necessary knowledge and key enablers to drive digital transformation, according to a global study by CA Technologies ...

July 25, 2017

Test teams feel the need to adopt DevOps, but that migration is not always seamless, according to a new survey by LogiGear. That may be because 25 percent of respondents said their Ops/IT team is always helpful to the test team and its needs; 37 percent said Ops teams regularly help bring about good test environments; 27 percent said Ops can be "slow or difficult" ...

Share this