Software development vendor Sonatype is tacking this issue with its updated component lifecycle management (CLM) 1.8 release. The basic idea behind CLM is to make sure that the components used in application development and deployment are up to date, which helps limit the risk of exploitation from known and already-patched software defects. With its CLM 1.8 release Sonatype tweaked the software to make it more transparent for an organization to determine risk as well as to determine options for swapping out a risky component with a better one.
“Most fundamentally we’re about helping organizations develop better software,” Sonatype CEO Wayne Jackson told eSecurity Planet. “Last year we served something on the order of 13 billion open-source components.”