BURLINGTON, Mass.--(BUSINESS WIRE)--Black Duck, the global leader in automating the security and management of open source software, today announced a new technology collaboration with Pivotal and the launch of its Black Duck Hub product as an integrated service for Pivotal Cloud Foundry, one of the world's most powerful cloud-native platforms. This is the first open source-focused security management integration with Pivotal Cloud Foundry, enabling enterprise customers to embrace open source in their applications with automated visibility, intelligence, and control.

Black Duck and Pivotal have collaborated to integrate Black Duck Hub and Pivotal Cloud Foundry to deliver a Secure DevOps process and user experience for building and deploying applications to Pivotal Cloud Foundry.

Using Black Duck Hub, enterprise customers can automatically identify all the open source components; detect and analyze known security vulnerabilities, compliance issues, and code quality risks; and enable policy management to control risks and their remediation. Additionally, Hub dynamically monitors the scanned code and provides alerts on newly discovered vulnerabilities or policy violations. Enterprise customers can also use Hub to access Black Duck KnowledgeBase, the worlds most comprehensive data store of open source components and risk intelligence.

Open source comprises 80 to 90 percent of the components in a modern cloud-native application. Integration of Black Duck Hub with Pivotal Cloud Foundry provides automated visibility and control into that open source, said Black Duck CEO Lou Shipley. This helps increase enterprises confidence to increase their production deployment of cloud-native applications.

Fortune 2000 companies are facing tremendous pressure to build and deliver cloud-native applications - faster, on a larger scale, and at lower cost, said Nima Badiey, Head of Business Development, Pivotal Cloud Foundry. Combining Black Duck Hub with Pivotal Cloud Foundry helps our customers automate the security and licensing processes in their application deployment pipelines, enabling agility and innovation at cloud-native speeds.

Availability

In addition to the new integrated solution for Pivotal Cloud Foundry users, Black Duck today announced that Pivotal has become a Black Duck Hub customer for Pivotals internal use. Pivotal uses Hub as part of its internal Pivotal Cloud Foundry development and security processes to help secure and manage open source components in the Cloud Foundry project.

About Black Duck Software Organizations worldwide use Black Ducks industry-leading products to automate the process of securing and managing open source software, eliminating the pain related to security vulnerabilities, compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, Vancouver, London, Belfast, Northern Ireland, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit http://www.blackducksoftware.com.

View original post here:
Black Duck Teams Up with Pivotal to Secure and Manage Open Source Cloud-Native Applications for the Enterprise - Business Wire (press release)

Open-source-based server designer iXsystems Inc. today broadened its enterprise storage portfolio with an entry-level TrueNAS array.

The San Jose, Calif., vendor introduced the TrueNAS X10 hybrid array as a complement to its Z Series midrange family that launched three years ago. It also sells a line of FreeNAS appliances for small businesses and home offices.

All iXsystems arrays run the OpenZFS file system with at-rest data encryption, inline compression and deduplication, replication and delta-based snapshots. OpenZFS is the open source successor to the ZFS file system originally developed by Sun Microsystems, which Oracle acquired in 2010 for $7.4 billion.

Privately held iXsystems has been in the server business since 1996, expanding to storage in 2009. The company doesn't publicly disclose revenues, but claimed storage sales are expected to spike about 200% by 2018.

TrueNAS X10 is a 2U chassis that supports 12 hot-swappable SAS HDDs connected via 10 Gigabit Ethernet. Customers can buy a single controller with 20 TB of raw disk capacity starting at $5,500. For high availability, a dual-controller chassis is recommended that starts at $20,000 for 120 TB. Storage scales to 360 TB in 6U with two fully populated SAS expansion shelves.

The scale-up architecture nicely balances cost and performance, said Scott Sinclair, a storage analyst at Enterprise Strategy Group Inc. in Milford, Mass.

"This is not a server architecture where you need three boxes for resiliency. They built the hardware, they fitted the box and they use their open source software-defined storage to help you build a traditional array deployment. It's got a dual controller and 120 TB of storage for under $20,000, which is pretty nice," Sinclair said.

The unified storage arrays merge RAM and solid-state drives for caching with hard disk drives for storage. The system-on-a-chip hardware is based on an Intel Pentium Xeon D-1531 six-core CPU.

The storage products integrate iXsystems' FreeNAS converged software on certified server hardware. FreeNAS is available as a download and also as a bundled stack on FreeNAS-branded hardware appliances.

FreeNAS is built atop stripped-down FreeBSD code and supports the FreeBSD-licensed bhyve hypervisor. The system also is certified for Citrix XenServer and VMware ESXi.

Projected use cases for the new arrays include backup, big data storage and file sharing. It taps into a swath of underserved small and midsize business customers, said Steve Wong, the iXsystems director of storage product management.

"Until now, we have not had a TrueNAS product at the lower end of the market for customers that need continuous data availability and uptime. We have had a lot of customers that value the capabilities of our other TrueNAS arrays, but the price has precluded them from buying," Wong said.

Wong said iXsystems expects at least half of FreeNAS X10 customers to opt for the 2U high availability option.

"We see it competing with Dell EMC VNX and Unity, as well as NetApp FAS2600 Series and HPE's [Hewlett Packard Enterprise] MSA SAN products," he said. "We also expect it to compete against rackmount systems from Qnap, Drobo and Synology."

Competition also could come from software-defined storage vendors, particularly OpenStack deployments for building private cloud storage.

"The challenge for iXsystems is going up against the big-name storage vendors," Sinclair said. "Those customers tend to be a different type of buyer than those in the SMB, who might be willing to go with a lesser-known vendor. The question is whether iXsystems can sell enough boxes at that price to achieve the necessary scale that makes business sense."

Other iXsystems include TrueNAS Z20 with 400 TB starting at $25,000, TrueNAS Z30 with 1.1 PB starting at $30,000, and the high-end TrueNAS Z35 array that starts at $40,000 and scales to 4.8 PB. The vendor also markets TrueRack rack-scale converged infrastructure to large data centers, combining its storage and servers with third-party networking switches.

Slowly but surely, open source storage gains acceptance

Is object storage really about to supplant scale-out NAS?

Storage moves toward software-defined memory

Here is the original post:
TrueNAS X10: iXsystems' open source storage contender - TechTarget

FULTON, Md.--(BUSINESS WIRE)--Sonatype, the leader in software supply chain automation, today announced the release of its third annual State of the Software Supply Chain Report. This years report highlights risks lurking within open source software components and quantifies the empirical benefits of actively managing software supply chain hygiene.

Organizations that are actively managing the quality of open source components flowing into production applications are realizing a 28 percent improvement in developer productivity, a 30 percent reduction in overall development costs, and a 48 percent increase in application quality. Furthermore, analysis of more than 17,000 applications reveals that applications built by teams utilizing automated governance tools reduced the percentage of defective components by 63%.

Conversely, organizations failing to manage software supply chains are unwittingly releasing vulnerable applications into production, wasting thousands of hours on rework and bug fixes, and facing increased liability due to gross negligence.

Additional key findings of the 2017 State of the Software Supply Chain report include:

Consumption of open source components is growing on a massive scale

Open source component suppliers remain slow to fix vulnerabilities

Number of downloaded components with known vulnerabilities is slightly decreasing

The regulatory landscape is rapidly changing

Supporting Quotes

Wayne Jackson, CEO, Sonatype Companies are no longer building software applications from scratch, they are manufacturing them as fast as they can using an infinite supply of open source component parts. However, many still rely on manual and time consuming governance and security practices instead of embracing DevOps-native automation. Our research continues to show that development teams managing trusted software supply chains are dramatically improving quality and productivity.

Mark Driver, Felix Gaehtgens, Mark ONeill, Gartner, May 2017 report Managing Digital Trust in the Software Development Life Cycle By 2020, 50% of organizations will have suffered damage caused by failing to manage trust in their, or their partners, software development life cycles (SDLC) causing revenue loss of more than 15%. Application leaders responsible for modernizing application development should re-evaluate the SDLC in the form of a trusted software supply chain, with varied levels of trust.

About the State of the Software Supply Chain Report

The 2017 State of the Software Supply Chain Report blends a broad set of public and proprietary data with expert research and analysis. This years report extends beyond Java data to include supply chain findings from JavaScript, NuGet, Python, and Docker ecosystems.

Additional Resources

About Sonatype

Sonatype is the leading provider of DevOps-native tools to automate modern software supply chains. As the creators of Apache Maven, the Central Repository, and Nexus Repository, Sonatype pioneered componentized software development and has a rich history of supporting open source innovation. Today, more than 120,000 organizations depend on Sonatypes Nexus platform to govern the volume, variety, and quality of open source components flowing into modern software applications. Sonatype is privately held with investments from New Enterprise Associates (NEA), Accel Partners, Hummer Winblad Venture Partners, Morgenthaler Ventures, Bay Partners and Goldman Sachs. Learn more at http://www.sonatype.com.

Here is the original post:
Sonatype 2017 State of the Software Supply Chain Report Reveals ... - Business Wire (press release)