US and European Banks Tap Sonatype to Address Growing Software Security Threat

April 25, 2014

Sonatype, a software company that enables developers to build software applications while significantly reducing security, compliance, and licensing risks, continues to find its software in high demand.

According to a release, the company credits this momentum to an increasing awareness of the urgent need to address the risks associated with flawed open source components being used in millions of mission-critical software applications.

As is often the case when such critical threats emerge, the financial services sector is moving quickly to secure its software applications by leveraging Sonatype's Component Lifecycle Management solution. Many other Fortune 500 companies are following suit.

In addition to US and European banks, leaders in these other key industries have become Sonatype customers:

- 5 of the top 10 aerospace companies
- 2 of the top 5 entertainment companies
- 2 of the top 5 telecommunications companies
- 2 of the top 5 healthcare insurance companies
- 2 of the top 5 diversified financials companies
- 2 of the top 5 network/communications companies
- 75 percent of the top computer and peripheral companies

"Software runs the world, so it's vital that it runs securely," said Wayne Jackson, CEO of Sonatype. "The known vulnerabilities in many of the components being employed by software developers are becoming more visible based on the broad damage caused by Struts2 and now the mass awareness of the Heartbleed bug."

"The open source projects continue to do a terrific job quickly addressing newly discovered vulnerabilities, and now more of the enterprises doing component-based development are implementing Component Lifecycle Management to ensure they are using the safest versions," continued Jackson. "Based on the critical risk to the huge number of software applications that make the world's banks and other major corporations work, it's encouraging to see industry leaders tackling this problem head on."

Recognizing this risk, the FS-ISAC (Financial Services Information Sharing and Analysis Center) recently released guidance regarding open source libraries and components. Specifically, the guidance recommends that financial institutions apply automated policy management and enforcement as well as inventory management for open source libraries used in their application portfolio.

Source: Professional Services Close-Up