November 20, 2019

Software supply chains and the illusion of control

Talk Title: Software supply chains and the illusion of control
Speakers: Derek Weeks (Sonatype)
Conference: O’Reilly Open Source Convention
Conf Tag: Making Open Work
Location: Austin, Texas
Date: May 8-11, 2017
URL: Talk Page
Slides: Talk Slides
Video:

Modern software development practices now consume billions of open source and third-party components. Package managers and build tools such as Maven, Gradle, npm, NuGet, RubyGems, and others have made the use of components a convenient standard practice. As a result, 90% of a typical application is now composed of open source components. The good news: use of these components is improving developer productivity and accelerating time to market. However, using these components brings with it ownership and responsibility, a fact that is largely overlooked. The unspoken truth: not all parts are created equal. For example, 1 in 16 components in use include known security vulnerabilities. Ugh. Derek Weeks shares the results of a three-year study of open source development practices across 3,000 organizations, exploring the vast software supply chains these organizations employ, which are simultaneously improving development productivity and undermining quality and security practices. Derek then outlines DevOps practices that support building in quality and security from the beginning. Topics include:
