
Letitia Long and Steve Hills | Sonatype

Letitia Long, the former director of the U.S. National Geospatial-Intelligence Agency, and Steve Hills, the former president and general manager of The Washington Post, have joined the board of directors of software supply chain automation company Sonatype as independent directors.

Long and Hills will serve alongside board representatives from Sonatype’s lead investors Goldman Sachs, Accel Partners, New Enterprise Associates, and Hummer Winblad Venture Partners.

Long worked for more than 35 years as a civilian in the Department of Defense and the Intelligence Community and was the first woman to lead a major U.S. intelligence agency. Under her leadership, NGA became the first U.S. agency to adopt open source software development in order to speed collaboration among first responders during and after natural disasters. Long is currently the Chairman of the Board for the Intelligence and National Security Alliance and sits on the boards of Raytheon Company, Urthecast Corp and Noblis Inc.

Hills served as president and general manager of The Washington Post for 13 years and played an integral role in the sale of the newspaper to Amazon CEO Jeff Bezos. During his tenure, the newspaper experienced significant digital audience growth and was named “Most Innovative Media Company in the World” by Fast Company. Hills is currently the founding director of the Georgetown University Law Center Business Scholars Program, designed to teach law students the fundamentals of business.

Hills joined the board earlier this year, and Long is joining at a time when the federal government is increasingly concerned about the quality and security of open source software components that underpin the Internet of Things.  The newly introduced Internet of Things Cybersecurity Improvement Act of 2017 would require technology vendors selling IoT devices to the U.S. government to certify that such devices are free from known security vulnerabilities – a key benefit of Sonatype’s Nexus products.  The proposed legislation comes on the heels of several well-publicized exploits in a wide range of IoT products including vehicles, smartphones, and medical devices — exploits that could have been prevented with proper software supply chain hygiene.

Information in Movers and Shakers is provided by the submitter.
