The Payment Card Industry (PCI) standards help ensure that banks, financial services firms and merchants protect their customers' credit card data. Credit card security became more challenging with the mandate to "avoid components with known vulnerabilities" based on recent Open Web Application Security Project (OWASP) guidelines. The good news is that Sonatype makes it easy to avoid this risk and achieve PCI compliance.
These days, your developers are assembling the majority of your applications from open source building blocks called "components," which are shared in a vast global developer network. Yet your organization probably doesn't know which components are used, where they are used, or which carry security risks that do not comply with PCI standards.
Sonatype created Nexus Lifecycle (formerly Component Lifecycle Management) to help you meet PCI standards by providing complete visibility into component security, license and quality risks backed up by the automation and monitoring to ensure compliance over time.
Recent cyber attacks targeting known vulnerabilities in heavily used older versions of a popular open source web framework called "Struts" impacted: global banks
Despite 30+ publicly disclosed vulnerabilities, which were immediately fixed in 35+ new versions, and an FBI Flash Alert, 2,682 organizations have downloaded vulnerable Struts versions 80,575 times. Empower your developers to avoid vulnerable components from the start. It's a small investment that protects the 90% of your application that is made up of components.
FS-ISAC recommends Sonatype for "Policy management and enforcement of open source libraries and components." With Nexus Lifecycle, you can:
- Find and remediate problems early in development using the tools that your developers use every day. No extra work or delays.
- for open source security, license & quality with integration throughout your software development lifecycle.
- to ensure trust over time, so you'll know when a new risk is discovered and exactly where you are impacted.
As a free community service, Sonatype offers a proprietary application analysis tool you can use to run your own confidential "application health check."