Equifax Selects Sonatype to Improve Open-Source Governance
US credit reporting agency Equifax has selected Sonatype, an open-source governance and application security specialist, to monitor and manage the use of open-source libraries across its application portfolio.
Maryland-based Sonatype specialises in automated monitoring of open-source software through its proprietary Nexus platform. The platform is composed of three parts: Nexus Repository, which stores and distributes trusted components and build artifacts; Nexus Lifecycle, which identifies and remediates open-source risks across the SDLC; and Nexus Firewall, which prevents vulnerable libraries from entering the development environment in the first place.
Open-source software continues to grow in popularity and is now part of most enterprise toolchains. However, the way open-source components are consumed often exposes companies to additional risk. As Equifax continues its digital transformation, the company is looking to build security into its applications, according to CTO Bryson Koehler.
“We’re focused on building security into each software application from the start and enhancing it throughout the development process. Sonatype’s Nexus Platform will help provide additional visibility, insight and automated governance of our use of open source throughout the development and operations lifecycle,” said Koehler, Chief Technology Officer for Equifax.
In September 2017, the credit reporting giant warned that a data breach earlier in the year had exposed the personal information of hundreds of thousands of customers. At the time, Equifax stated that up to 143 million US consumers’ credit information was exposed by hackers. The incident was later attributed to a known security vulnerability in the open-source Apache software used by Equifax.