Sonatype Acquires Vor Security
July 11, 2017

Sonatype has acquired Vor Security.

Ken Duck, founder and CEO of Vor, will join the product and engineering team at Sonatype to continuously expand and refine the open source component intelligence service that underpins the Nexus platform.

As founder and CEO of Vor, Duck created the OSS Index, an innovative and free online index of known open source software vulnerabilities. Today, the index contains more than 2.1 million packages and detailed information on more than 120,000 vulnerabilities across an array of open source ecosystems.

Sonatype also introduced Nexus Lifecycle XC, a new data service delivered via the Nexus IQ server that will provide organizations with component intelligence covering a wide swath of open source ecosystems and formats including Ruby, PHP, Swift, CocoaPods, Golang, C, and C++.

Nexus Lifecycle offers precisely accurate open source intelligence for Java, JavaScript, NuGet, and PyPI. By comparison, traditional vendors of Software Composition Analysis (SCA) tools have long provided commodity open source intelligence across a broad spectrum of ecosystems.

Over time, organizations have come to value the unique accuracy of Nexus Lifecycle data for Java, JavaScript, NuGet, and PyPI, but they still require open source intelligence for a wide variety of other ecosystems. Beginning today, Sonatype is delivering a win-win intelligence engine that combines the depth of Lifecycle data for machine-automated open source controls with the breadth of Lifecycle XC data for foundational open source governance.

“Empowering software development teams with broad and precise visibility into the open source supply chain is critical to practicing proper application security hygiene. Sonatype’s world-class team has led the way in bringing remarkably accurate component intelligence to the forefront of the DevOps movement, and I am excited to join forces with their amazing team and continue the journey,” said Ken Duck, CEO of Vor Security.

“Since its introduction in 2012, Nexus Lifecycle has seen tremendous acceptance in the market because it provides remarkably precise and accurate intelligence with respect to open source components across Java, JavaScript, NuGet, and PyPI. While enterprise customers, especially those practicing DevOps, place a premium value on the accuracy and precision of our Nexus Lifecycle data, they also need intelligence for a wide variety of other formats and ecosystems. The combination of Lifecycle and Lifecycle XC gives customers the best of both worlds -- a premium intelligence service that fully automates enforcement of open source policies inside of a DevOps pipeline, plus a stock data intelligence service to inform basic hygiene for all other ecosystems,” said Wayne Jackson, CEO of Sonatype.
