SlideShare a Scribd company logo

Findings Revealed: 2015 State of the Software Supply Chain

Download as PPTX, PDF
Sonatype
Sonatype

Gain new insights on how to deliver higher quality software even faster -- with less unplanned, unscheduled rework. If you are using open source components as part of development you may be unknowingly sabotaging your efforts by introducing known vulnerabilities – shockingly there are 24 vulnerabilities in the average application. Hear the results of an extensive analysis of open source usage across 106,000 development organizations. We’ll be drawing analogies between modern software development and traditional manufacturing supply chains, focusing on proven steps to improve speed, efficiency and quality. Watch the on-demand recording.

Software
1 of 44
TOP HIGHLIGHTS & BENCHMARKS Derek E. Weeks VP and DevOps Advocate
RESEARCH COVERED BY DevOps Leadership Series & Contributing Author Upcoming Speaking Engagements: LISA15 | USENIX (Nov. 12, 2015 - DC) OWASP NYC CyberSocial (September 16, 2015 - NYC) Atlanta Java Users Group (Sept. 15, 2015 - Atlanta) HP Protect (Sept. 3, 2015 - DC) @weekstweets
@sonatype
@sonatype
106,000Organizations Analyzed Source: 2015 State of the Software Supply Chain Report @sonatype
We all have a SOFTWARE SUPPLY CHAIN @sonatype
Modern software development HAS CHANGED Our process HASN’T CHANGED ENOUGH @sonatype
John Willis DevOps Days Core Organizer Gareth Rushgrove Puppet Labs Nigel Simpson F-100 Entertainment Giant @sonatype
201320122011200920082007 2010 2B1B500M 4B 6B 8B 13B 17B 2014 Source: 2015 State of the Software Supply Chain Report @sonatype Open Source Download Requests…
POLLING QUESTION What percent of modern apps are composed of open source components? 10 a. 10 - 20% b. 50 - 60% c. 80 - 90%
How Dependent on 3rd Parties Are We? 10% Custom Written Code Typical Application Open Source Cloud Services Closed Source 90% From 3rd Parties @sonatype
Better and fewer suppliers Higher quality parts Improved visibility and traceability 3 savings in modern supply chains Automation @sonatype
@sonatype
CHANGE Typical component is updated 3 - 4X per year. 985,000 OSS COMPONENTS 11 MILLION OSS USERS108,000 SUPPLIERS Source: 2015 State of the Software Supply Chain Report @sonatype
POLLING QUESTION How many open source suppliers do companies work with? 15 a. 5,372 b. 7,601 c. 15,118
Suppliers Serving Manufacturers Source: 2015 State of the Software Supply Chain Report Orders (downloads) Suppliers (artifacts) Parts (versions) Average 240,757 7,601 18,614 @sonatype
41% 390 days (median 265 days). CVSS 10s 224 days 59% never repaired <7 The best were remediated in under a week. Source: USENIX, https://www.usenix.org/system/files/login/articles/15_geer_0.pdf @sonatype
@sonatype
Source: modulecounts.com @sonatype
Sample of Open Source Repositories 2014 Volume of Download Requests Central.sonatype.org 17,213,084,947 Npmjs.org 15,460,748,856 NuGetGallery.com 280,124,916 Bintray.com 250,000,000 Source: 2015 State of the Software Supply Chain Report @sonatype
CHANGE Typical component is updated 3 - 4X per year. Unlike COTS, there is no clear, effective COMMUNICATION channel …but there can be. 985,000 OSS COMPONENTS 11 MILLION OSS USERS @sonatype
Repository Managers Accessing the Central Repository Source: 2015 State of the Software Supply Chain Report @sonatype
Source: 2015 State of the Software Supply Chain Report Public Repos Local Repo Build Tool Public Repos Build Tool PATTERN #1 PATTERN #2 @sonatype
POLLING QUESTION What percent of components are sourced from public repositories? 24 a. 25% b. 55% c. 95%
Source: 2015 State of the Software Supply Chain Report Public Repos Local Repo Build Tool Public Repos Build Tool 95% of downloads 5% of downloads @sonatype
26
100-200 Cycle Time: Minutes-Hours @sonatype
Source: 2015 State of the Software Supply Chain Report 240,000Components Downloaded Annually @sonatype
POLLING QUESTION What percent of organizations do not have a policy governing quality and integrity of components? 29 a. 25% b. 55% c. 95%
Q: Does your organization have an open source policy? Half of organizations continue to run without an open source policy. Source: 2012, 2013, 2014 Sonatype Open Source Development and Application Security Survey @sonatype
If it does not fit, it does not get done. @sonatype
Orders Quality Control Average downloads # with known vulnerabilities % with known vulnerabilities % known vulnerabilities (2013 or older) 240,757 15,337 7.5% 66.3% Download Volumes of Old CVEs Source: 2015 State of the Software Supply Chain Report @sonatype
Source: 2015 State of the Software Supply Chain Report Outdated Versions Downloaded @sonatype
Image Source: caranddriver.com @sonatype
@sonatype
@sonatype
Analysis of 1,500+ Applications 106 components 24 known vulnerabilities 9 restrictive licenses @sonatype
v
1 2 3 Create a software Bill of Materials for one application Design a frictionless, automated, “continuous” approach Empower developers with the right information at the right time @sonatype
CHECK THE QUALITY AND INTEGRITY OF EVERY BUILD Jenkins integration run history and status of each build, across multiple applications. Builds might be stable or unstable. Also shows build success and failures. Nexus Lifecycle policy violations and vulnerabilities levels are displayed within the Jenkins CI dashboard. @sonatype
Shift Left= ZTTR (Zero Time to Remediation) Analyze all components from within your IDE License, Security and Architecture data for each component, evaluated against your policy EMPOWER DEVELOPERS FROM THE START @sonatype
CREATE A SOFTWARE BILL OF MATERIALS bit.ly/softwareBOM 5MINUTES @sonatype
YOU ALL GET A COPY TODAY!
IT’S TIME WE IMPROVE OUR SOFTWARE SUPPLY CHAINS

Recommended

Accelerating Innovation with Software Supply Chain Management
Accelerating Innovation with Software Supply Chain ManagementAccelerating Innovation with Software Supply Chain Management
Accelerating Innovation with Software Supply Chain ManagementSonatype
 
A "Firewall" for Bad Binaries
A "Firewall" for Bad BinariesA "Firewall" for Bad Binaries
A "Firewall" for Bad BinariesSonatype
 
Continuous Acceleration with a Software Supply Chain Approach
Continuous Acceleration with a Software Supply Chain ApproachContinuous Acceleration with a Software Supply Chain Approach
Continuous Acceleration with a Software Supply Chain ApproachSonatype
 
Risks in the Software Supply Chain
Risks in the Software Supply ChainRisks in the Software Supply Chain
Risks in the Software Supply ChainMark Sherman
 
Accelerating innovation with software supply chain management
Accelerating innovation with software supply chain management Accelerating innovation with software supply chain management
Accelerating innovation with software supply chain management matthewabq
 
The Legend of Software Hollow: Defeating the Headless Horseman of Faulty Appl...
The Legend of Software Hollow: Defeating the Headless Horseman of Faulty Appl...The Legend of Software Hollow: Defeating the Headless Horseman of Faulty Appl...
The Legend of Software Hollow: Defeating the Headless Horseman of Faulty Appl...Parasoft
 
Software supply chain management: Gaining velocity without losing control
Software supply chain management: Gaining velocity without losing controlSoftware supply chain management: Gaining velocity without losing control
Software supply chain management: Gaining velocity without losing controlmatthewabq
 
The Illusion of Control: Seven Deadly Wastes in Your Devops Practice
The Illusion of Control: Seven Deadly Wastes in Your Devops PracticeThe Illusion of Control: Seven Deadly Wastes in Your Devops Practice
The Illusion of Control: Seven Deadly Wastes in Your Devops Practicematthewabq
 

Recommended

Accelerating Innovation with Software Supply Chain Management
Accelerating Innovation with Software Supply Chain ManagementAccelerating Innovation with Software Supply Chain Management
Accelerating Innovation with Software Supply Chain ManagementSonatype
 
A "Firewall" for Bad Binaries
A "Firewall" for Bad BinariesA "Firewall" for Bad Binaries
A "Firewall" for Bad BinariesSonatype
 
Continuous Acceleration with a Software Supply Chain Approach
Continuous Acceleration with a Software Supply Chain ApproachContinuous Acceleration with a Software Supply Chain Approach
Continuous Acceleration with a Software Supply Chain ApproachSonatype
 
Risks in the Software Supply Chain
Risks in the Software Supply ChainRisks in the Software Supply Chain
Risks in the Software Supply ChainMark Sherman
 
Accelerating innovation with software supply chain management
Accelerating innovation with software supply chain management Accelerating innovation with software supply chain management
Accelerating innovation with software supply chain management matthewabq
 
The Legend of Software Hollow: Defeating the Headless Horseman of Faulty Appl...
The Legend of Software Hollow: Defeating the Headless Horseman of Faulty Appl...The Legend of Software Hollow: Defeating the Headless Horseman of Faulty Appl...
The Legend of Software Hollow: Defeating the Headless Horseman of Faulty Appl...Parasoft
 
Software supply chain management: Gaining velocity without losing control
Software supply chain management: Gaining velocity without losing controlSoftware supply chain management: Gaining velocity without losing control
Software supply chain management: Gaining velocity without losing controlmatthewabq
 
The Illusion of Control: Seven Deadly Wastes in Your Devops Practice
The Illusion of Control: Seven Deadly Wastes in Your Devops PracticeThe Illusion of Control: Seven Deadly Wastes in Your Devops Practice
The Illusion of Control: Seven Deadly Wastes in Your Devops Practicematthewabq
 
Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization Rogue Wave Software
 
DevSecOps - It can change your life (cycle)
DevSecOps - It can change your life (cycle)DevSecOps - It can change your life (cycle)
DevSecOps - It can change your life (cycle)Qualitest
 
No Devops Without Continuous Testing
No Devops Without Continuous TestingNo Devops Without Continuous Testing
No Devops Without Continuous TestingParasoft
 
ABC's of Service Virtualization
ABC's of Service VirtualizationABC's of Service Virtualization
ABC's of Service VirtualizationParasoft
 
Introducing: Klocwork Insight Pro | November 2009
Introducing: Klocwork Insight Pro | November 2009Introducing: Klocwork Insight Pro | November 2009
Introducing: Klocwork Insight Pro | November 2009Klocwork
 
Driving Risks Out of Embedded Automotive Software
Driving Risks Out of Embedded Automotive SoftwareDriving Risks Out of Embedded Automotive Software
Driving Risks Out of Embedded Automotive SoftwareParasoft
 
AppsSec In a DevOps World
AppsSec In a DevOps WorldAppsSec In a DevOps World
AppsSec In a DevOps WorldParasoft
 
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...WhiteSource
 
Find Out What's New With WhiteSource September 2018- A WhiteSource Webinar
Find Out What's New With WhiteSource September 2018- A WhiteSource WebinarFind Out What's New With WhiteSource September 2018- A WhiteSource Webinar
Find Out What's New With WhiteSource September 2018- A WhiteSource WebinarWhiteSource
 
EuroSPI 2016 - Software Safety and Security Through Standards
EuroSPI 2016 - Software Safety and Security Through StandardsEuroSPI 2016 - Software Safety and Security Through Standards
EuroSPI 2016 - Software Safety and Security Through StandardsArthur Hicken
 
DevSecOps-OWASP Indonesia Day 2017
DevSecOps-OWASP Indonesia Day 2017DevSecOps-OWASP Indonesia Day 2017
DevSecOps-OWASP Indonesia Day 2017Suman Sourav
 
Mentors View: Aligning Your Team and Your Powers for Success
Mentors View: Aligning Your Team and Your Powers for SuccessMentors View: Aligning Your Team and Your Powers for Success
Mentors View: Aligning Your Team and Your Powers for SuccessSonatype
 
Empowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOpsEmpowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOpsIBM Security
 
Better Governance Banking on Continuous Delivery
Better Governance Banking on Continuous DeliveryBetter Governance Banking on Continuous Delivery
Better Governance Banking on Continuous DeliveryTapabrata Pal
 
Rx for FDA Software Compliance
Rx for FDA Software ComplianceRx for FDA Software Compliance
Rx for FDA Software ComplianceParasoft
 
Find Out What's New With WhiteSource May 2018- A WhiteSource Webinar
Find Out What's New With WhiteSource May 2018- A WhiteSource WebinarFind Out What's New With WhiteSource May 2018- A WhiteSource Webinar
Find Out What's New With WhiteSource May 2018- A WhiteSource WebinarWhiteSource
 
The DevOps Challenge: Open Source Security at Scale
The DevOps Challenge: Open Source Security at ScaleThe DevOps Challenge: Open Source Security at Scale
The DevOps Challenge: Open Source Security at ScaleDevOps.com
 
10 Things You Might Not Know: Continuous Integration
10 Things You Might Not Know: Continuous Integration10 Things You Might Not Know: Continuous Integration
10 Things You Might Not Know: Continuous IntegrationCoveros, Inc.
 
Winning open source vulnerabilities without loosing your deveopers - Azure De...
Winning open source vulnerabilities without loosing your deveopers - Azure De...Winning open source vulnerabilities without loosing your deveopers - Azure De...
Winning open source vulnerabilities without loosing your deveopers - Azure De...WhiteSource
 
The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021DevOps.com
 
Webinar: "Sicurezza e qualità del software: un viaggio attraverso vulnerabili...
Webinar: "Sicurezza e qualità del software: un viaggio attraverso vulnerabili...Webinar: "Sicurezza e qualità del software: un viaggio attraverso vulnerabili...
Webinar: "Sicurezza e qualità del software: un viaggio attraverso vulnerabili...Emerasoft, solutions to collaborate
 
Live 2014 Survey Results: Open Source Development and Application Security Su...
Live 2014 Survey Results: Open Source Development and Application Security Su...Live 2014 Survey Results: Open Source Development and Application Security Su...
Live 2014 Survey Results: Open Source Development and Application Security Su...Sonatype
 

More Related Content

What's hot

Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization Rogue Wave Software
 
DevSecOps - It can change your life (cycle)
DevSecOps - It can change your life (cycle)DevSecOps - It can change your life (cycle)
DevSecOps - It can change your life (cycle)Qualitest
 
No Devops Without Continuous Testing
No Devops Without Continuous TestingNo Devops Without Continuous Testing
No Devops Without Continuous TestingParasoft
 
ABC's of Service Virtualization
ABC's of Service VirtualizationABC's of Service Virtualization
ABC's of Service VirtualizationParasoft
 
Introducing: Klocwork Insight Pro | November 2009
Introducing: Klocwork Insight Pro | November 2009Introducing: Klocwork Insight Pro | November 2009
Introducing: Klocwork Insight Pro | November 2009Klocwork
 
Driving Risks Out of Embedded Automotive Software
Driving Risks Out of Embedded Automotive SoftwareDriving Risks Out of Embedded Automotive Software
Driving Risks Out of Embedded Automotive SoftwareParasoft
 
AppsSec In a DevOps World
AppsSec In a DevOps WorldAppsSec In a DevOps World
AppsSec In a DevOps WorldParasoft
 
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...WhiteSource
 
Find Out What's New With WhiteSource September 2018- A WhiteSource Webinar
Find Out What's New With WhiteSource September 2018- A WhiteSource WebinarFind Out What's New With WhiteSource September 2018- A WhiteSource Webinar
Find Out What's New With WhiteSource September 2018- A WhiteSource WebinarWhiteSource
 
EuroSPI 2016 - Software Safety and Security Through Standards
EuroSPI 2016 - Software Safety and Security Through StandardsEuroSPI 2016 - Software Safety and Security Through Standards
EuroSPI 2016 - Software Safety and Security Through StandardsArthur Hicken
 
DevSecOps-OWASP Indonesia Day 2017
DevSecOps-OWASP Indonesia Day 2017DevSecOps-OWASP Indonesia Day 2017
DevSecOps-OWASP Indonesia Day 2017Suman Sourav
 
Mentors View: Aligning Your Team and Your Powers for Success
Mentors View: Aligning Your Team and Your Powers for SuccessMentors View: Aligning Your Team and Your Powers for Success
Mentors View: Aligning Your Team and Your Powers for SuccessSonatype
 
Empowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOpsEmpowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOpsIBM Security
 
Better Governance Banking on Continuous Delivery
Better Governance Banking on Continuous DeliveryBetter Governance Banking on Continuous Delivery
Better Governance Banking on Continuous DeliveryTapabrata Pal
 
Rx for FDA Software Compliance
Rx for FDA Software ComplianceRx for FDA Software Compliance
Rx for FDA Software ComplianceParasoft
 
Find Out What's New With WhiteSource May 2018- A WhiteSource Webinar
Find Out What's New With WhiteSource May 2018- A WhiteSource WebinarFind Out What's New With WhiteSource May 2018- A WhiteSource Webinar
Find Out What's New With WhiteSource May 2018- A WhiteSource WebinarWhiteSource
 
The DevOps Challenge: Open Source Security at Scale
The DevOps Challenge: Open Source Security at ScaleThe DevOps Challenge: Open Source Security at Scale
The DevOps Challenge: Open Source Security at ScaleDevOps.com
 
10 Things You Might Not Know: Continuous Integration
10 Things You Might Not Know: Continuous Integration10 Things You Might Not Know: Continuous Integration
10 Things You Might Not Know: Continuous IntegrationCoveros, Inc.
 
Winning open source vulnerabilities without loosing your deveopers - Azure De...
Winning open source vulnerabilities without loosing your deveopers - Azure De...Winning open source vulnerabilities without loosing your deveopers - Azure De...
Winning open source vulnerabilities without loosing your deveopers - Azure De...WhiteSource
 
The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021DevOps.com
 

What's hot (20)

Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization
 
DevSecOps - It can change your life (cycle)
DevSecOps - It can change your life (cycle)DevSecOps - It can change your life (cycle)
DevSecOps - It can change your life (cycle)
 
No Devops Without Continuous Testing
No Devops Without Continuous TestingNo Devops Without Continuous Testing
No Devops Without Continuous Testing
 
ABC's of Service Virtualization
ABC's of Service VirtualizationABC's of Service Virtualization
ABC's of Service Virtualization
 
Introducing: Klocwork Insight Pro | November 2009
Introducing: Klocwork Insight Pro | November 2009Introducing: Klocwork Insight Pro | November 2009
Introducing: Klocwork Insight Pro | November 2009
 
Driving Risks Out of Embedded Automotive Software
Driving Risks Out of Embedded Automotive SoftwareDriving Risks Out of Embedded Automotive Software
Driving Risks Out of Embedded Automotive Software
 
AppsSec In a DevOps World
AppsSec In a DevOps WorldAppsSec In a DevOps World
AppsSec In a DevOps World
 
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
 
Find Out What's New With WhiteSource September 2018- A WhiteSource Webinar
Find Out What's New With WhiteSource September 2018- A WhiteSource WebinarFind Out What's New With WhiteSource September 2018- A WhiteSource Webinar
Find Out What's New With WhiteSource September 2018- A WhiteSource Webinar
 
EuroSPI 2016 - Software Safety and Security Through Standards
EuroSPI 2016 - Software Safety and Security Through StandardsEuroSPI 2016 - Software Safety and Security Through Standards
EuroSPI 2016 - Software Safety and Security Through Standards
 
DevSecOps-OWASP Indonesia Day 2017
DevSecOps-OWASP Indonesia Day 2017DevSecOps-OWASP Indonesia Day 2017
DevSecOps-OWASP Indonesia Day 2017
 
Mentors View: Aligning Your Team and Your Powers for Success
Mentors View: Aligning Your Team and Your Powers for SuccessMentors View: Aligning Your Team and Your Powers for Success
Mentors View: Aligning Your Team and Your Powers for Success
 
Empowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOpsEmpowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOps
 
Better Governance Banking on Continuous Delivery
Better Governance Banking on Continuous DeliveryBetter Governance Banking on Continuous Delivery
Better Governance Banking on Continuous Delivery
 
Rx for FDA Software Compliance
Rx for FDA Software ComplianceRx for FDA Software Compliance
Rx for FDA Software Compliance
 
Find Out What's New With WhiteSource May 2018- A WhiteSource Webinar
Find Out What's New With WhiteSource May 2018- A WhiteSource WebinarFind Out What's New With WhiteSource May 2018- A WhiteSource Webinar
Find Out What's New With WhiteSource May 2018- A WhiteSource Webinar
 
The DevOps Challenge: Open Source Security at Scale
The DevOps Challenge: Open Source Security at ScaleThe DevOps Challenge: Open Source Security at Scale
The DevOps Challenge: Open Source Security at Scale
 
10 Things You Might Not Know: Continuous Integration
10 Things You Might Not Know: Continuous Integration10 Things You Might Not Know: Continuous Integration
10 Things You Might Not Know: Continuous Integration
 
Winning open source vulnerabilities without loosing your deveopers - Azure De...
Winning open source vulnerabilities without loosing your deveopers - Azure De...Winning open source vulnerabilities without loosing your deveopers - Azure De...
Winning open source vulnerabilities without loosing your deveopers - Azure De...
 
The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021
 

Similar to Findings Revealed: 2015 State of the Software Supply Chain

Webinar: "Sicurezza e qualità del software: un viaggio attraverso vulnerabili...
Webinar: "Sicurezza e qualità del software: un viaggio attraverso vulnerabili...Webinar: "Sicurezza e qualità del software: un viaggio attraverso vulnerabili...
Webinar: "Sicurezza e qualità del software: un viaggio attraverso vulnerabili...Emerasoft, solutions to collaborate
 
Live 2014 Survey Results: Open Source Development and Application Security Su...
Live 2014 Survey Results: Open Source Development and Application Security Su...Live 2014 Survey Results: Open Source Development and Application Security Su...
Live 2014 Survey Results: Open Source Development and Application Security Su...Sonatype
 
2016 Yahoo Taiwan Mobile Developer Conference
2016 Yahoo Taiwan Mobile Developer Conference 2016 Yahoo Taiwan Mobile Developer Conference
2016 Yahoo Taiwan Mobile Developer Conference Flurry, Inc.
 
API Security Survey
API Security SurveyAPI Security Survey
API Security SurveyImperva
 
TV Platforms 2014 Report: an S3 Group Survey of Pay-TV Service Delivery
TV Platforms 2014 Report: an S3 Group Survey of Pay-TV Service DeliveryTV Platforms 2014 Report: an S3 Group Survey of Pay-TV Service Delivery
TV Platforms 2014 Report: an S3 Group Survey of Pay-TV Service DeliveryS3 Group | TV Technology
 
How DevOps is Redefining Application Delivery in the Enterprise: 5 Key Facto...
How DevOps is Redefining Application Delivery in the Enterprise: 5 Key Facto...How DevOps is Redefining Application Delivery in the Enterprise: 5 Key Facto...
How DevOps is Redefining Application Delivery in the Enterprise: 5 Key Facto...Enterprise Management Associates
 
The real cost of it franken monitoring
The real cost of it franken monitoringThe real cost of it franken monitoring
The real cost of it franken monitoringAppDynamics
 
Broadcast Music Inc. Release Rockstars: Program-Wide DevOps Success with Urba...
Broadcast Music Inc. Release Rockstars: Program-Wide DevOps Success with Urba...Broadcast Music Inc. Release Rockstars: Program-Wide DevOps Success with Urba...
Broadcast Music Inc. Release Rockstars: Program-Wide DevOps Success with Urba...Prolifics
 
Virtualization to Improve Speed and Increase Quality
Virtualization to Improve Speed and Increase QualityVirtualization to Improve Speed and Increase Quality
Virtualization to Improve Speed and Increase QualityTechWell
 
Analyst Keynote: Continuous Delivery: Making DevOps Awesome
Analyst Keynote: Continuous Delivery: Making DevOps AwesomeAnalyst Keynote: Continuous Delivery: Making DevOps Awesome
Analyst Keynote: Continuous Delivery: Making DevOps AwesomeCA Technologies
 
Code to Release using Artificial Intelligence and Machine Learning
Code to Release using Artificial Intelligence and Machine LearningCode to Release using Artificial Intelligence and Machine Learning
Code to Release using Artificial Intelligence and Machine LearningSTePINForum
 
Back to the Future with the “API Economy”: Management Strategies for a New Wa...
Back to the Future with the “API Economy”: Management Strategies for a New Wa...Back to the Future with the “API Economy”: Management Strategies for a New Wa...
Back to the Future with the “API Economy”: Management Strategies for a New Wa...Enterprise Management Associates
 
The Rationale for Continuous Delivery (The culture and practice of good softw...
The Rationale for Continuous Delivery (The culture and practice of good softw...The Rationale for Continuous Delivery (The culture and practice of good softw...
The Rationale for Continuous Delivery (The culture and practice of good softw...C4Media
 
Implications of Open Source Software Use (or Let's Talk Open Source)
Implications of Open Source Software Use (or Let's Talk Open Source)Implications of Open Source Software Use (or Let's Talk Open Source)
Implications of Open Source Software Use (or Let's Talk Open Source)Gail Murphy
 
Markings of a Healthy OSS Project
Markings of a Healthy OSS ProjectMarkings of a Healthy OSS Project
Markings of a Healthy OSS ProjectClement Ho
 
DevOps Roadtrip Minneapolis
DevOps Roadtrip Minneapolis DevOps Roadtrip Minneapolis
DevOps Roadtrip Minneapolis VictorOps
 

Similar to Findings Revealed: 2015 State of the Software Supply Chain (20)

Webinar: "Sicurezza e qualità del software: un viaggio attraverso vulnerabili...
Webinar: "Sicurezza e qualità del software: un viaggio attraverso vulnerabili...Webinar: "Sicurezza e qualità del software: un viaggio attraverso vulnerabili...
Webinar: "Sicurezza e qualità del software: un viaggio attraverso vulnerabili...
 
Live 2014 Survey Results: Open Source Development and Application Security Su...
Live 2014 Survey Results: Open Source Development and Application Security Su...Live 2014 Survey Results: Open Source Development and Application Security Su...
Live 2014 Survey Results: Open Source Development and Application Security Su...
 
Pulse Meter
Pulse MeterPulse Meter
Pulse Meter
 
2016 Yahoo Taiwan Mobile Developer Conference
2016 Yahoo Taiwan Mobile Developer Conference 2016 Yahoo Taiwan Mobile Developer Conference
2016 Yahoo Taiwan Mobile Developer Conference
 
API Security Survey
API Security SurveyAPI Security Survey
API Security Survey
 
TV Platforms 2014 Report: an S3 Group Survey of Pay-TV Service Delivery
TV Platforms 2014 Report: an S3 Group Survey of Pay-TV Service DeliveryTV Platforms 2014 Report: an S3 Group Survey of Pay-TV Service Delivery
TV Platforms 2014 Report: an S3 Group Survey of Pay-TV Service Delivery
 
Pulse Meter
Pulse MeterPulse Meter
Pulse Meter
 
How DevOps is Redefining Application Delivery in the Enterprise: 5 Key Facto...
How DevOps is Redefining Application Delivery in the Enterprise: 5 Key Facto...How DevOps is Redefining Application Delivery in the Enterprise: 5 Key Facto...
How DevOps is Redefining Application Delivery in the Enterprise: 5 Key Facto...
 
The real cost of it franken monitoring
The real cost of it franken monitoringThe real cost of it franken monitoring
The real cost of it franken monitoring
 
Broadcast Music Inc. Release Rockstars: Program-Wide DevOps Success with Urba...
Broadcast Music Inc. Release Rockstars: Program-Wide DevOps Success with Urba...Broadcast Music Inc. Release Rockstars: Program-Wide DevOps Success with Urba...
Broadcast Music Inc. Release Rockstars: Program-Wide DevOps Success with Urba...
 
Ca Continuous Delivery
Ca Continuous DeliveryCa Continuous Delivery
Ca Continuous Delivery
 
Virtualization to Improve Speed and Increase Quality
Virtualization to Improve Speed and Increase QualityVirtualization to Improve Speed and Increase Quality
Virtualization to Improve Speed and Increase Quality
 
Analyst Keynote: Continuous Delivery: Making DevOps Awesome
Analyst Keynote: Continuous Delivery: Making DevOps AwesomeAnalyst Keynote: Continuous Delivery: Making DevOps Awesome
Analyst Keynote: Continuous Delivery: Making DevOps Awesome
 
Code to Release using Artificial Intelligence and Machine Learning
Code to Release using Artificial Intelligence and Machine LearningCode to Release using Artificial Intelligence and Machine Learning
Code to Release using Artificial Intelligence and Machine Learning
 
Back to the Future with the “API Economy”: Management Strategies for a New Wa...
Back to the Future with the “API Economy”: Management Strategies for a New Wa...Back to the Future with the “API Economy”: Management Strategies for a New Wa...
Back to the Future with the “API Economy”: Management Strategies for a New Wa...
 
Pragmatic Devops
Pragmatic DevopsPragmatic Devops
Pragmatic Devops
 
The Rationale for Continuous Delivery (The culture and practice of good softw...
The Rationale for Continuous Delivery (The culture and practice of good softw...The Rationale for Continuous Delivery (The culture and practice of good softw...
The Rationale for Continuous Delivery (The culture and practice of good softw...
 
Implications of Open Source Software Use (or Let's Talk Open Source)
Implications of Open Source Software Use (or Let's Talk Open Source)Implications of Open Source Software Use (or Let's Talk Open Source)
Implications of Open Source Software Use (or Let's Talk Open Source)
 
Markings of a Healthy OSS Project
Markings of a Healthy OSS ProjectMarkings of a Healthy OSS Project
Markings of a Healthy OSS Project
 
DevOps Roadtrip Minneapolis
DevOps Roadtrip Minneapolis DevOps Roadtrip Minneapolis
DevOps Roadtrip Minneapolis
 

More from Sonatype

DevOps Days Columbus - Derek Weeks - 2019
DevOps Days Columbus - Derek Weeks - 2019DevOps Days Columbus - Derek Weeks - 2019
DevOps Days Columbus - Derek Weeks - 2019Sonatype
 
2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures2019 DevSecOps Reference Architectures
2019 DevSecOps Reference ArchitecturesSonatype
 
RSAC DevSecOpsDays 2018 - We are all Equifax
RSAC DevSecOpsDays 2018 - We are all EquifaxRSAC DevSecOpsDays 2018 - We are all Equifax
RSAC DevSecOpsDays 2018 - We are all EquifaxSonatype
 
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018Sonatype
 
30+ Nexus Integrations to Accelerate DevOps
30+ Nexus Integrations to Accelerate DevOps30+ Nexus Integrations to Accelerate DevOps
30+ Nexus Integrations to Accelerate DevOpsSonatype
 
2017 DevSecOps Survey
2017 DevSecOps Survey2017 DevSecOps Survey
2017 DevSecOps SurveySonatype
 
Starting and Scaling DevOps In the Enterprise
Starting and Scaling DevOps In the EnterpriseStarting and Scaling DevOps In the Enterprise
Starting and Scaling DevOps In the EnterpriseSonatype
 
DevOps Friendly Doc Publishing for APIs & Microservices
DevOps Friendly Doc Publishing for APIs & MicroservicesDevOps Friendly Doc Publishing for APIs & Microservices
DevOps Friendly Doc Publishing for APIs & MicroservicesSonatype
 
The Unrealized Role of Monitoring & Alerting w/ Jason Hand
The Unrealized Role of Monitoring & Alerting w/ Jason HandThe Unrealized Role of Monitoring & Alerting w/ Jason Hand
The Unrealized Role of Monitoring & Alerting w/ Jason HandSonatype
 
DevOps and All the Continuouses w/ Helen Beal
DevOps and All the Continuouses w/ Helen BealDevOps and All the Continuouses w/ Helen Beal
DevOps and All the Continuouses w/ Helen BealSonatype
 
Serverless and the Way Forward
Serverless and the Way ForwardServerless and the Way Forward
Serverless and the Way ForwardSonatype
 
A Small Association's Journey to DevOps w/ Edward Ruiz
A Small Association's Journey to DevOps w/ Edward RuizA Small Association's Journey to DevOps w/ Edward Ruiz
A Small Association's Journey to DevOps w/ Edward RuizSonatype
 
What's My Security Policy Doing to My Help Desk w/ Chris Swan
What's My Security Policy Doing to My Help Desk w/ Chris SwanWhat's My Security Policy Doing to My Help Desk w/ Chris Swan
What's My Security Policy Doing to My Help Desk w/ Chris SwanSonatype
 
Characterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-ors
Characterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-orsCharacterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-ors
Characterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-orsSonatype
 
Static Analysis For Security and DevOps Happiness w/ Justin Collins
Static Analysis For Security and DevOps Happiness w/ Justin CollinsStatic Analysis For Security and DevOps Happiness w/ Justin Collins
Static Analysis For Security and DevOps Happiness w/ Justin CollinsSonatype
 
Automated Infrastructure Security: Monitoring using FOSS
Automated Infrastructure Security: Monitoring using FOSSAutomated Infrastructure Security: Monitoring using FOSS
Automated Infrastructure Security: Monitoring using FOSSSonatype
 
System Hardening Using Ansible
System Hardening Using AnsibleSystem Hardening Using Ansible
System Hardening Using AnsibleSonatype
 
There is No Server: Immutable Infrastructure and Serverless Architecture
There is No Server: Immutable Infrastructure and Serverless ArchitectureThere is No Server: Immutable Infrastructure and Serverless Architecture
There is No Server: Immutable Infrastructure and Serverless ArchitectureSonatype
 
Getting out of the Job Jungle with Jenkins
Getting out of the Job Jungle with JenkinsGetting out of the Job Jungle with Jenkins
Getting out of the Job Jungle with JenkinsSonatype
 
Modern Infrastructure Automation
Modern Infrastructure AutomationModern Infrastructure Automation
Modern Infrastructure AutomationSonatype
 

More from Sonatype (20)

DevOps Days Columbus - Derek Weeks - 2019
DevOps Days Columbus - Derek Weeks - 2019DevOps Days Columbus - Derek Weeks - 2019
DevOps Days Columbus - Derek Weeks - 2019
 
2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures
 
RSAC DevSecOpsDays 2018 - We are all Equifax
RSAC DevSecOpsDays 2018 - We are all EquifaxRSAC DevSecOpsDays 2018 - We are all Equifax
RSAC DevSecOpsDays 2018 - We are all Equifax
 
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018
 
30+ Nexus Integrations to Accelerate DevOps
30+ Nexus Integrations to Accelerate DevOps30+ Nexus Integrations to Accelerate DevOps
30+ Nexus Integrations to Accelerate DevOps
 
2017 DevSecOps Survey
2017 DevSecOps Survey2017 DevSecOps Survey
2017 DevSecOps Survey
 
Starting and Scaling DevOps In the Enterprise
Starting and Scaling DevOps In the EnterpriseStarting and Scaling DevOps In the Enterprise
Starting and Scaling DevOps In the Enterprise
 
DevOps Friendly Doc Publishing for APIs & Microservices
DevOps Friendly Doc Publishing for APIs & MicroservicesDevOps Friendly Doc Publishing for APIs & Microservices
DevOps Friendly Doc Publishing for APIs & Microservices
 
The Unrealized Role of Monitoring & Alerting w/ Jason Hand
The Unrealized Role of Monitoring & Alerting w/ Jason HandThe Unrealized Role of Monitoring & Alerting w/ Jason Hand
The Unrealized Role of Monitoring & Alerting w/ Jason Hand
 
DevOps and All the Continuouses w/ Helen Beal
DevOps and All the Continuouses w/ Helen BealDevOps and All the Continuouses w/ Helen Beal
DevOps and All the Continuouses w/ Helen Beal
 
Serverless and the Way Forward
Serverless and the Way ForwardServerless and the Way Forward
Serverless and the Way Forward
 
A Small Association's Journey to DevOps w/ Edward Ruiz
A Small Association's Journey to DevOps w/ Edward RuizA Small Association's Journey to DevOps w/ Edward Ruiz
A Small Association's Journey to DevOps w/ Edward Ruiz
 
What's My Security Policy Doing to My Help Desk w/ Chris Swan
What's My Security Policy Doing to My Help Desk w/ Chris SwanWhat's My Security Policy Doing to My Help Desk w/ Chris Swan
What's My Security Policy Doing to My Help Desk w/ Chris Swan
 
Characterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-ors
Characterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-orsCharacterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-ors
Characterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-ors
 
Static Analysis For Security and DevOps Happiness w/ Justin Collins
Static Analysis For Security and DevOps Happiness w/ Justin CollinsStatic Analysis For Security and DevOps Happiness w/ Justin Collins
Static Analysis For Security and DevOps Happiness w/ Justin Collins
 
Automated Infrastructure Security: Monitoring using FOSS
Automated Infrastructure Security: Monitoring using FOSSAutomated Infrastructure Security: Monitoring using FOSS
Automated Infrastructure Security: Monitoring using FOSS
 
System Hardening Using Ansible
System Hardening Using AnsibleSystem Hardening Using Ansible
System Hardening Using Ansible
 
There is No Server: Immutable Infrastructure and Serverless Architecture
There is No Server: Immutable Infrastructure and Serverless ArchitectureThere is No Server: Immutable Infrastructure and Serverless Architecture
There is No Server: Immutable Infrastructure and Serverless Architecture
 
Getting out of the Job Jungle with Jenkins
Getting out of the Job Jungle with JenkinsGetting out of the Job Jungle with Jenkins
Getting out of the Job Jungle with Jenkins
 
Modern Infrastructure Automation
Modern Infrastructure AutomationModern Infrastructure Automation
Modern Infrastructure Automation
 

Recently uploaded

Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 

Recently uploaded (20)

Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 

Findings Revealed: 2015 State of the Software Supply Chain

Editor's Notes

  1. We are in the business of open source governance, management and compliance (add in slide or on cover slide) Your Company Runs on Software – it must be trusted
  2. The suppliers and the manufacturers need to share information. And right now that communication channel is not only broken, it simply doesn’t exist. Components are updated an average of 4X a year to fix issues, but how do the manufacturers even learn about it? …….. Supply chain management at Toyota was transformational. They went from being a textile company to the world’s leading automobile manufacturer, largely because of these improvements and these principles. And even today, the effect of their philosophy is pretty remarkable to me. For example, Toyota-wide, they have 226 suppliers. General Motors has 5,500. And so imagine the efficiencies of only having to deal with 226 suppliers as opposed to 5,000. And what’s further to that, is that GM produces 54% of the content of their vehicles and Toyota produces 27%. So, GM has 1/20th the suppliers, and yet they produce half of the content of their vehicles. And so it’s no surprise that a Volt costs $40,000 and a Prius $20,000. And the Prius sells 20,000 units a month and GM sells 1,700.
  3. The suppliers and the manufacturers need to share information. And right now that communication channel is not only broken, it simply doesn’t exist. Components are updated an average of 4X a year to fix issues, but how do the manufacturers even learn about it? …….. Supply chain management at Toyota was transformational. They went from being a textile company to the world’s leading automobile manufacturer, largely because of these improvements and these principles. And even today, the effect of their philosophy is pretty remarkable to me. For example, Toyota-wide, they have 226 suppliers. General Motors has 5,500. And so imagine the efficiencies of only having to deal with 226 suppliers as opposed to 5,000. And what’s further to that, is that GM produces 54% of the content of their vehicles and Toyota produces 27%. So, GM has 1/20th the suppliers, and yet they produce half of the content of their vehicles. And so it’s no surprise that a Volt costs $40,000 and a Prius $20,000. And the Prius sells 20,000 units a month and GM sells 1,700.
  4. Cycle Time Squeeze Work Arounds Batch Scans Rework Exposure
  5. Cycle Time Squeeze Work Arounds Batch Scans Rework Exposure
  6. First of all… when you can clearly see the threat levels of components in your IDE, you can easily shift to a safer one. The area here in the lower right works like a slider… you simply slide to the right to identify a safer, accepted version of a component. So you see, you not only see a potential problem early one, but you also see the solution. Better yet… ========= Click onto pane and zoom in and zoom out Guide your eyes to the RIGHT…. This is a normal Developer IDE called Eclipse… Sonatype made a PLUGIN within it to show a developer the component BEFORE before they choose or commit to ELECTIVE/AVOIDABLE Risk/AttackSurface/Complexity/LegalIssues … The RED chain (e.g.) is every version of Strut2-core…. And if you move RIGHT far enough…. It will lack KNOW CRITICAL vulnerabilities. The Green bar charts are the download popularity… which doesn’t speak at all to SECURITY… but may give people more comfort that it is stable and being used. License rsik is based on self-defined policy – we track if the use of this license can cause your whole website to now be FREE common opensource – like GPL… which might be very bad for you… and a DIFFERENT type of risk…
  7. When do you have an hour to spare?