Sonatype adds more open source intelligence with acquisition - Technical.ly Baltimore

Jun. 29, 2017 10:16 am

The Fulton-based company acquired Vor Security to add info about security vulnerabilities for more frameworks.

Sonatype CEO Wayne Jackson speaks at RSAC.

(Photo courtesy Sonatype/YouTube)

Fulton-based Sonatype is bringing on some deeper knowledge about potential security vulnerabilities with an acquisition.

The company, which makes tools to automate software processes and identify potential holes in open source code, acquired Vor Security, which is based in Ottawa, Canada. Terms were not disclosed.

Vor Security founder Ken Duck created the OSS Index, which is an index of open source software vulnerabilities. The startup compiled details on 120,000 security vulnerabilities. Access is initially free, and the company also offers premium licensing and support.

Sonatype will integrate the OSS Index into its platform, called Nexus Lifecycle. The platform had intelligence on security risks in Java, JavaScript, NuGet, and PyPI. The deal adds intelligence on frameworks that weren’t previously covered by Sonatype. Along with the acquisition, Sonatype said it is debuting a new service called Nexus Lifecycle XC, which offers intelligence on frameworks such as Ruby, PHP, Swift, CocoaPods, Golang, C, and C++.

The two companies are also complementary in their approach.

“Vor approached the vulnerability correction and assignment from the project to the components, which is exactly opposite of the Sonatype approach of finding the vulnerable code and tracking it back to the released component,” Sonatype’s Brian Fox wrote in a blog post about the deal. “By merging the top down and bottom up approaches, we can significantly increase our vulnerability coverage.”

Sonatype was founded in 2010 by Wayne Jackson, who was previously CEO of Sourcefire. The company raised $30 million last year, and has a host of corporate clients.

Duck, the Vor founder, will join Sonatype in the deal.
