Prioritizing Collaboration and Eliminating Tech Debt with Sonatype

Pharmaceutical companies have an enormous responsibility to protect sensitive patient data, intellectual property, and clinical research from cyber threats. Breaches can lead to severe financial, reputational, and legal repercussions, impacting patient trust and public health.

  • Development teams must have confidence that the open source components they use are secure to protect customers, research, and the company’s reputation
  • The medical/healthcare industry is subject to strict regulatory standards to ensure patient safety, maintain the efficacy of treatments, and protect public health
  • Balancing the benefits and convenience of OSS with a security mindset is critical

The Challenge: Tackling Vulnerabilities and Eliminating Technical Debt

When this global pharmaceutical company needed to scale its DevSecOps environment, the company set out to create a developer-friendly user experience that would identify security issues as early in the process as possible.

  • The company kicked off with a Sonatype Lifecycle Policy Workshop to explore the user experience with developers, security and operations, and legal teams.
  • When they began using Sonatype, they immediately identified hundreds of previously unknown vulnerabilities across thousands of applications.

  • ~100% fix rate within three months
  • Global footprint of 80 countries

The Solution: The Sonatype Platform Delivers Rapid Vulnerability Remediation and OSS Visibility

The organization eliminated its initial backlog of vulnerabilities and set clear expectations about the acceptable level of technical debt.

  • It’s now possible to make more informed decisions about which components should be used
  • Developers no longer have to request a waiver for vulnerable components

The Results

This organization manages a national network of thousands of pharmacies and hundreds of thousands of employees: 

  • Within three months, the company achieved a fix rate of nearly 100 percent.
  • Breaking down the barriers between internal teams was a priority, and their willingness to collaborate, coupled with their transparent communication and top-down involvement, was foundational to their success.