Author: Jane Edwards | Date Published: December 22, 2022
Maury Cupitt, regional vice president of sales engineering at Sonatype, said government agencies should understand the importance of visibility and automation in the detection and mitigation of risks associated with open source software components.
Cupitt wrote that agencies should adopt a platform that could enable them to ensure the security of their software supply chains through visibility and automation.
He cited Sonatype’s Nexus Repository Manager and discussed how it could help agencies assess open source components, identify malicious components, detect vulnerabilities and address issues by running analyses and having visibility into the software bill of materials.
“In addition, our Nexus Repository Manager can be air-gapped for agencies that want their developers to go through a central repository that is not connected to the internet,” Cupitt said.
He also mentioned Lifecycle and how the platform could help organizations evaluate open source components at every phase of the software development cycle.
Cupitt noted that Sonatype believes open source is the key to innovation in the government and shows its commitment to the open source community by maintaining the Maven Central Repository.