Financial Services Companies Quickly Meet New PCI Data Security Standard Using Sonatype Software


FULTON, MD--(Marketwired - Oct 24, 2013) - Sonatype, a software company that enables developers to easily build software applications while significantly reducing security, compliance, and licensing risks, today announced a program dedicated to ensuring companies can quickly meet requirements of the Payment Card Industry (PCI) Data Security Standard (DSS) including the new OWASP guidelines.

Financial services companies are turning to Sonatype to address new PCI DSS and related OWASP requirements. The PCI DSS Version 3.0 Change Highlights requires an inventory of all system components including software applications and the application components contained in each. In addition, organizations seeking PCI compliance need to align their security approach with OWASP and other standards. This includes support for OWASP A9, which requires organizations to avoid the use of insecure components. This is of increasing importance because 80% of the typical enterprise application is assembled with components, such as open source software (OSS) libraries and frameworks. Component-based development allows for faster development against business requirements, but also brings complexity and risk as components are a prime target for hackers. Companies can contact Sonatype today to initiate a complete software application inventory, alerting them to their compliance exposure.

"Sonatype was instrumental in helping Crosskey quickly address the PCI DSS requirements associated with component usage," said Monika Liikamaa, Director of Card Solutions, Crosskey. "PCI compliance is a nearly impossible task without an automated approach, especially since we have to accommodate the latest release of OWASP. We used Sonatype's Component Lifecycle Management solution to identify and choose the best and safest components and to manage and monitor those components over time. As such, we have addressed a key application security risk allowing all Crosskey customers to rest assured that their data and payments are safe with us."

Sonatype plays an instrumental role in helping organizations address PCI DSS compliance (OWASP included) by ensuring that OSS components used to construct applications are secure and remain secure over time. Sonatype specifically helps organizations processing payment card transactions, such as financial service providers and retailers, to:

  • Secure applications by analyzing components, identifying vulnerabilities, and integrating information necessary to construct secure applications throughout the software development lifecycle.

  • Build a component inventory that helps meet PCI DSS reporting requirements; helps identify scope of compliance efforts; and combined with the other capabilities, helps limit the scope of compliance assessment efforts.

  • Keep applications up to date by providing information about current/best component versions.

  • Establish and implement policies that are automatically enforced.

  • Identify new vulnerabilities and help organizations triage and prioritize compliance efforts.

About Sonatype

Sonatype's software protects the world's enterprise software applications from security, compliance, and licensing threats, while dramatically reducing application development and deployment time. Every day, millions of developers build software applications from open source building blocks, known as components. Customers rely on Sonatype's software to produce trustworthy applications that meet release deadlines with components they can trust. Sonatype accomplishes this task by enabling developers to: select the best components from the start of the development lifecycle; monitor component usage over time; and quickly fix new issues when identified. Sonatype is privately held with investments from New Enterprise Associates (NEA), Accel Partners, Bay Partners, Hummer Winblad Venture Partners and Morgenthaler Ventures. Visit: www.sonatype.com

Contact Information:

Chris Walker
Sonatype