Sonatype, the software company that enables developers to rapidly build secure software while also eliminating compliance and licensing risk, today released a new version of its Component Lifecycle Management (CLM) software.

Today, 90 percent of the typical enterprise application is comprised of open source building blocks, known as components. These reusable components allow for great speed, efficiency and innovation. The downside is that without proper insight and governance, organizations risk crippling attacks, licensing liability, and compliance exposure.  71 percent of applications contain components with known security flaws classified as severe or critical and an alarming 76 percent of all organizations have no component management policies in-place.
 
With automated governance, monitoring, and alerts, Sonatype CLM allows enterprises to accurately identify flawed components and proactively fix these components throughout the software development lifecycle.

Product capabilities and enhancements include:
 
· Component Inventory – produces a complete “bill of materials” to track which components are used and where they are used across your application portfolio
· Risk Determination – determines which components present a security risk, are out of date, or present licensing liability exposures
· Risk Relief – enables you to quickly exchange risky components with the most appropriate version

Five of the world’s largest banks, multiple multinational corporations, and several of the United States’ largest government agencies have recently enlisted Sonatype to assist them in addressing what is, for many, an application security crisis.
 
Added Steffen Evers, Open Source Officer at Bosch Software Innovations, “At Bosch Software Innovations, we are dedicated to delivering high quality software products on time.  Open source software has become an important addition to our in-house software development.  Sonatype CLM makes it easy for us to use the right components, to avoid security and licensing risks, and comply with our policies.”
“Software runs the world, so it is vital that it runs properly and securely,” said Wayne Jackson, CEO of Sonatype.   “Sonatype CLM goes a long way to addressing a major software development problem – assuring that enterprises avoid the risks inherent with using flawed open source components when bringing mission-critical applications to market.”