
Goldman Sachs Leads $30 Million Investment in Software Supply Chain Fixer - walterbell
http://fortune.com/2016/02/04/goldman-sachs-invest-sonatype/
======
m4dc4pXXX
Typo in the headline doesn't help the credibility of this article ("This
comany’s tech helps developers deal with buggy open source code.")

And I guess quotes like the following are just baiting developers:

"Since most developers draw on open source code to build their software, that
leaves open the possibility for countless computer bugs, compatibility issues,
and security gaps to creep in."

Sounds like a great way to burn a pile of money.

~~~
walterbell
It's mostly for Java components. Sonatype also backports security fixes into
older components that are still widely deployed, but receiving less attention
from upstream devs.

From a 2012 article,
http://allthingsd.com/20120710/sonatype-manager-of-grown-up-open-source-software-lands-25-million-from-nea/
_Sonatype runs something called the Central Repository, essentially a library
of some 400,000 software components that is so widely used by software
developers that it gets about five billion requests a year. That gives it a lot
of visibility into what components are being used, and what potential problems
might be cropping up. Simply keeping track of what software components were
used to build an application goes a long way toward solving problems as they
arise down the road._

Edit: better article on the GS funding,
https://www.washingtonpost.com/business/capitalbusiness/md-based-cyber-firm-picks-up-30-million-led-by-goldman-sachs/2016/02/03/eebcf1ec-cac8-11e5-ae11-57b6aeab993f_story.html

_“Imagine a situation where Toyota let their line workers make all the
decisions about which suppliers to use without any governance or oversight;
imagine what cars would be like,” he said. “All the cars would be really hard
to maintain and an orderly recall would be next to impossible ... Some of the
company’s larger customers pay Sonatype hundreds of thousands of dollars
annually, Jackson says, and a few pay close to $1 million._

