Partnership will reduce the risk posed by vulnerabilities in open source and third-party components

HERNDON, VA. (January 8, 2018) - DLT Solutions, an award-winning technology provider to the public sector, today announced a new partnership with Sonatype that will allow agencies to develop software quickly and securely by mitigating potential risks posed by open source and third-party components through continuous governance.

“Agencies today face intense pressure to deliver software innovation faster than ever to improve citizen services and advance mission outcomes,” said Brian Fox, co-founder and chief technology officer at Sonatype. “Their efforts are fueled by an infinite supply of open source components which dramatically reduce the need to write code from scratch, but can also introduce a wide range of security and governance concerns.”

Today, up to 90 percent of a typical application is composed of open source components, and one in 18 components downloaded by developers has known security vulnerabilities.

“Adversaries are constantly targeting public sector agencies and looking for vulnerabilities to exploit,” said David Blankenhorn, chief technology officer at DLT. “Vetting the open source supply chain should be a critical step in the early phases of software development. Further, continuously reviewing these components during the application lifecycle must remain a priority in order to mitigate new and evolving threats to applications in production.”

Sonatype gives agencies the ability to develop software faster, but also maintain control by automatically governing the security and quality of open source components utilized inside mission-critical applications.

“By 2019, more than 70 percent of enterprise DevSecOps initiatives will have incorporated automated security vulnerability and configuration scanning for open-source components and commercial packages, up from less than 10 percent in 2016,” wrote analysts Neil MacDonald and Ian Head in Gartner’s October 2017 report, 10 Things to Get Right for Successful DevSecOps. “From a security perspective, it is a much easier problem to identify known vulnerabilities in known code than unknown vulnerabilities in custom code.”


About DLT Solutions

DLT is a leading technology partner to the federal, state and local government, education, utilities and healthcare markets. For more than 25 years, the company’s dedication to helping the public sector make smart technology choices and simplify their technology procurements ensures its customers have the best options for Cybersecurity, Cloud, Application Lifecycle, Digital Design, IT Consolidation and IT Management solutions. The DLT advantage includes strategic partnerships with industry-leading and emerging technology companies - including Amazon Web Services, Autodesk, ForeScout, Google, Informatica, McAfee, Oracle, Quest Software, Red Hat, SolarWinds, Symantec and Veritas - whose products and services can be easily procured through DLT by leveraging its broad portfolio of government IT contracts including GSA, SEWP V, U.S. Communities and Texas DIR. To learn more, visit DLT’s Resource Center, call 800.262.4358 or email Also on LinkedIn and Twitter (@DLTSolutions).

About Sonatype

Sonatype is the leading provider of DevOps-native tools to automate modern software supply chains. As the creators of Apache Maven, the Central Repository, and Nexus Repository, Sonatype pioneered componentized software development and has a rich history of supporting open source innovation. Today, more than 150,000 organizations depend on Sonatype’s Nexus platform to govern the volume, variety, and quality of open source components flowing into modern software applications. Sonatype is privately held with investments from New Enterprise Associates (NEA), Accel Partners, Hummer Winblad Venture Partners, Morgenthaler Ventures, Bay Partners and Goldman Sachs. Learn more at