News and research on financial software quality assurance and risk management

Equifax Selects Sonatype to Improve Open-Source Governance

29 January 2019
Credit reporting agency Equifax has selected Sonatype to monitor and manage the use of open-source libraries across its applications.

US credit reporting agency Equifax has selected Sonatype, an open-source governance and application security specialist, to monitor and manage the use of open-source libraries across its application portfolio.

Maryland-based Sonatype specialises in automated monitoring of open-source software through its proprietary Nexus platform. The platform is composed of three products: Nexus Repository, which stores and distributes trusted components and build artifacts; Nexus Lifecycle, which identifies and remediates open-source risks across the SDLC; and Nexus Firewall, which prevents vulnerable libraries from entering the development environment in the first place.

Open-source software continues to grow in popularity and is now part of most enterprise toolchains. However, the nature of open source often exposes companies to additional risk. As Equifax continues its digital transformation, it is looking to build security into its applications, according to CTO Bryson Koehler.

“We’re focused on building security into each software application from the start and enhancing it throughout the development process. Sonatype’s Nexus Platform will help provide additional visibility, insight and automated governance of our use of open source throughout the development and operations lifecycle,” said Koehler, Chief Technology Officer for Equifax.


In September 2017, the credit reporting giant warned that a data breach earlier in the year had exposed the personal information of hundreds of thousands of customers. At the time, Equifax stated that up to 143 million US consumers’ credit information was exposed by hackers. The incident was later attributed to a known security vulnerability in the open-source Apache software used by Equifax.
