Many of my friends and most of my family struggle to understand what it is Sonatype does and therefore what I do all day.
We help companies develop more secure software by choosing better components (the building blocks of the software, like the parts in your car). Many of the public attacks that people think of when I say that are unrelated. Except this one.
The Equifax attack occurred in a known vulnerable component that was fixed and announced months before the attack. We help our customers know what components they are using, in which applications, and when these vulnerabilities are announced, so they can fix them quickly.
So, if you want to know what we're doing all day... we're trying to help companies avoid more attacks like this. On your banks. On your government. On your infrastructure. Software is everywhere; this is the new reality. Companies must assume bugs will happen; it's how you respond (or don't) that ultimately matters.
Written by Brian Fox
Brian Fox is a software developer, innovator and entrepreneur. He is an active contributor within the open source development community, most prominently as a member of the Apache Software Foundation and former Chair of the Apache Maven project. As the CTO and co-founder of Sonatype, he is focused on building a platform for developers and DevOps professionals to build high-quality, secure applications with open source components.