Sonatype: Secure code with less hassle

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Fed Tech Talk’s audio interviews on Apple Podcasts or PodcastOne.

Software development has changed drastically over the past decade. Take a 22-year-old graduate with a degree in computer science. At one time, they would start off testing code, then start to write code line-by-line. Today, 80% of applications are developed using open source software. Instead of laboriously worrying over each caret and comma, code is grabbed and assembled. This can make for quick iterations and rapid project completion.

Headshots of Green and Weeks
Jason Green & Derek Weeks

However, malicious actors are informed of new software developments as well. During the discussion, Jason mentions that some see open source code with a 12% vulnerability factor. They are playing a two-step game.  First, create free open source code, and an organization downloads it. Then, they come back through a back door and inject malicious code.

Jason Green is the vice president, Public Sector, and Derek Weeks is the vice president and DevOps Advocate at Sonatype. They are subject matter experts and joined host John Gilroy on Federal Tech Talk to show how their company can reduce cost and increase cybersecurity for federal agencies.

Sonatype is used in over 150 federal agencies, and provides assurance that the code is clean. Their website claims to offer more secure code with less hassle by providing central repositories for code. Listening to this discussion just reinforces that difficulty of securing an enterprise-level system for attack.

Related Stories


Federal Tech Talk

TUESDAYS at 1:00 P.M.

Host John Gilroy of The Oakmont Group speaks the language of federal CISOs, CIOs and CTOs, and gets into the specifics for government IT systems integrators. Follow John on Twitter. Subscribe on Apple Podcasts or Podcast One.