matthewabq, profile picture
Uploaded bymatthewabq
PDF, PPTX700 views

Software supply chain management: Gaining velocity without losing control

The document discusses the importance of software supply chain management, highlighting that 90% of typical applications rely on third-party components. It suggests automating the software supply chain using three principles: utilizing higher quality parts, reducing the number of suppliers, and tracking component use. The analysis indicates many organizations lack an open source policy and emphasizes the need for better visibility and governance in software development to enhance quality and efficiency.

Embed presentation

Download as PDF, PPTX
1 Software supply chain management: Gaining velocity without losing control Yu-Chen Hsueh Customer Success Engineer yhsueh@sonatype.com (408)881-3894
@sonatype
@sonatype
106,000Organizations Analyzed Source: 2015 State of the Software Supply Chain Report @sonatype
We all have a SOFTWARE SUPPLY CHAIN @sonatype
How Dependent on 3rd Parties Are We? 10% Custom Written Code Typical Application Open Source Cloud Services Closed Source 90% From 3rd Parties @sonatype
Need speed, efficiency & quality for agile, continuous DevOps? Automate your software supply chain with three proven principles: Use higher quality parts Use better & fewer suppliers Track what you use and where
@sonatype
CHANGE Typical component is updated 3 - 4X per year. 985,000 OSS COMPONENTS 11 MILLION OSS USERS108,000 SUPPLIERS Source: 2015 State of the Software Supply Chain Report @sonatype
Suppliers Serving Manufacturers Source: 2015 State of the Software Supply Chain Report Orders (downloads) Suppliers (artifacts) Parts (versions) Average 240,757 7,601 18,614 @sonatype
59% never repaired 41% 390 days (median 265 days). CVSS 10s 224 days <7 The best were remediated in under a week. Source: USENIX, https://www.usenix.org/system/files/login/articles/15_geer_0.pdf @sonatype
@sonatype
Source: modulecounts.com @sonatype
Sample of Open Source Repositories 2014 Volume of Download Requests Central.sonatype.org 17,213,084,947 Npmjs.org 15,460,748,856 NuGetGallery.com 280,124,916 Bintray.com 250,000,000 Source: 2015 State of the Software Supply Chain Report @sonatype
Repository Managers Accessing the Central Repository Source: 2015 State of the Software Supply Chain Report @sonatype
Source: 2015 State of the Software Supply Chain Report Public Repos Local Repo Build Tool Public Repos Build Tool 95% of downloads 5% of downloads @sonatype
27
100-200 Cycle Time: Minutes-Hours @sonatype
Source: 2015 State of the Software Supply Chain Report 240,000Components Downloaded Annually @sonatype
Q: Does your organization have an open source policy? Half of organizations continue to run without an open source policy. Source: 2012, 2013, 2014 Sonatype Open Source Development and Application Security Survey @sonatype
If it does not fit, it does not get done. @sonatype
Orders Quality Control Average downloads # with known vulnerabilities % with known vulnerabilities % known vulnerabilities (2013 or older) 240,757 15,337 7.5% 66.3% Download Volumes of Old CVEs Source: 2015 State of the Software Supply Chain Report @sonatype
Image Source: caranddriver.com @sonatype
@sonatype
Analysis of 1,500+ Applications 106 components 24 known vulnerabilities 9 restrictive licenses @sonatype
v
What if manufacturers built cars the way we build software: without supply chain visibility, process and automation … They could choose any supplier they want for any given part, regardless of quality. Any part can be chosen even if it is outdated or known to be unsafe. Since there is no visibility, it is very slow and costly to recall a part. There is no quality control or consistency from car to car. There is no inventory of the parts that were used, or where.
1 2 3 Create a software Bill of Materials for your application Design a frictionless, automated, “continuous” approach Empower developers with the right information at the right time @sonatype
CREATE A SOFTWARE BILL OF MATERIALS bit.ly/softwareBOM 5MINUTES @sonatype
Supply chain advantage Source: Toyota Supply Chain Management: A Strategic Approach to Toyota’s Renowned System, by Ananth Iyer and Sridhar Seshadri
IT’S TIME WE IMPROVE OUR SOFTWARE SUPPLY CHAINS … LEVERAGING COLLABORATION + GOVERNANCE TO CREATE VALUE!

More Related Content

PPTX
Accelerating innovation with software supply chain management
bymatthewabq
 
PDF
Take your code and quality to the next level by Serena Software
bySerena Software
 
PPTX
An update to software testing trends
byBugRaptors
 
PPTX
Accelerating Innovation with Software Supply Chain Management
bySonatype
 
PPTX
Findings Revealed: 2015 State of the Software Supply Chain
bySonatype
 
PDF
Digital Assurance - Today & Tomorrow
byAgile Testing Alliance
 
PPTX
A "Firewall" for Bad Binaries
bySonatype
 
PDF
What is Software Testing?
byQAI Global
 
Accelerating innovation with software supply chain management
bymatthewabq
 
Take your code and quality to the next level by Serena Software
bySerena Software
 
An update to software testing trends
byBugRaptors
 
Accelerating Innovation with Software Supply Chain Management
bySonatype
 
Findings Revealed: 2015 State of the Software Supply Chain
bySonatype
 
Digital Assurance - Today & Tomorrow
byAgile Testing Alliance
 
A "Firewall" for Bad Binaries
bySonatype
 
What is Software Testing?
byQAI Global
 

What's hot

PPTX
Outpost24 webinar - Protecting Cezanne HR’s cloud web application with contin...
byOutpost24
 
PDF
Seven Steps to Remove Barriers and Accelerate Mobile Testing
byKeynote Mobile Testing
 
PDF
Delivering high-quality apps 6 times, every week
byTariq Patel
 
PDF
Automated testing of software applications using machine learning edited
byMilind Kelkar
 
PDF
Collaborative Mobile Test Automation
byKeynote Mobile Testing
 
PDF
Automated software testing complete guide
byTestingXperts
 
PDF
[Europe merge world tour] Coverity Development Testing
byPerforce
 
PPTX
Effective practices for API Test Automation
byCigniti Technologies Ltd
 
PDF
Case study on functional testing
by360logica Software Testing Services (A Saksoft Company)
 
PPTX
Continuous Testing: The Path Forward
byPerfecto by Perforce
 
PPTX
The Illusion of Control: Seven Deadly Wastes in Your Devops Practice
bymatthewabq
 
PPTX
API Automation and TDD to Implement Master Data Survivorship Rules
bySmartBear
 
PDF
AppsSec In a DevOps World
byParasoft
 
PDF
ABC's of Service Virtualization
byParasoft
 
PPTX
Monitoring Solutions for APIs
byApigee | Google Cloud
 
PPTX
Artificial intelligence in qa
byTaras Lytvyn
 
PDF
Better Governance Banking on Continuous Delivery
byTapabrata Pal
 
PPTX
Implementation of DevOps at SmartBear
bySmartBear
 
PDF
Cigniti joint webinar with Soasta - Agile DevOps: Test-driven IT Environment ...
byCigniti Technologies Ltd
 
PPTX
End-to-End Software testing services at Faststream technologies
byFaststream Technologies
 
Outpost24 webinar - Protecting Cezanne HR’s cloud web application with contin...
byOutpost24
 
Seven Steps to Remove Barriers and Accelerate Mobile Testing
byKeynote Mobile Testing
 
Delivering high-quality apps 6 times, every week
byTariq Patel
 
Automated testing of software applications using machine learning edited
byMilind Kelkar
 
Collaborative Mobile Test Automation
byKeynote Mobile Testing
 
Automated software testing complete guide
byTestingXperts
 
[Europe merge world tour] Coverity Development Testing
byPerforce
 
Effective practices for API Test Automation
byCigniti Technologies Ltd
 
Case study on functional testing
by360logica Software Testing Services (A Saksoft Company)
 
Continuous Testing: The Path Forward
byPerfecto by Perforce
 
The Illusion of Control: Seven Deadly Wastes in Your Devops Practice
bymatthewabq
 
API Automation and TDD to Implement Master Data Survivorship Rules
bySmartBear
 
AppsSec In a DevOps World
byParasoft
 
ABC's of Service Virtualization
byParasoft
 
Monitoring Solutions for APIs
byApigee | Google Cloud
 
Artificial intelligence in qa
byTaras Lytvyn
 
Better Governance Banking on Continuous Delivery
byTapabrata Pal
 
Implementation of DevOps at SmartBear
bySmartBear
 
Cigniti joint webinar with Soasta - Agile DevOps: Test-driven IT Environment ...
byCigniti Technologies Ltd
 
End-to-End Software testing services at Faststream technologies
byFaststream Technologies
 

Viewers also liked

PDF
Social CRM (Follow Fridays)
byTijs Vrolix
 
PPTX
Operation Support System (Erp, Scm, Crm )
bynoviantokuswandi
 
PPT
From Fans and Followers to Customers and Advocates: Social CRM Presentation a...
byJacob Morgan
 
PDF
Social CRM: Towards Enhanced Customer Relationship Management
byMSL
 
PPTX
Customer relation management
byJoe Simon
 
PPT
Social CRM - Concept, Benefits and Approach to adopt
byFabio Cipriani
 
PPTX
SalesFundaa CRM Software ppt
bySamantha Taylor
 
PDF
2011 Top 40 CRM Software Vendors
bylelandb01
 
PPT
Supply Chain Management
byRam Dutt Shukla
 
PDF
Overview Of Effective CRM Implementation And Operation
byAlan McSweeney
 
PPSX
Proactive CRM for Auto DMS
byProactivesoft
 
PPT
Supply Chain Management
byNurhazman Abdul Aziz
 
Social CRM (Follow Fridays)
byTijs Vrolix
 
Operation Support System (Erp, Scm, Crm )
bynoviantokuswandi
 
From Fans and Followers to Customers and Advocates: Social CRM Presentation a...
byJacob Morgan
 
Social CRM: Towards Enhanced Customer Relationship Management
byMSL
 
Customer relation management
byJoe Simon
 
Social CRM - Concept, Benefits and Approach to adopt
byFabio Cipriani
 
SalesFundaa CRM Software ppt
bySamantha Taylor
 
2011 Top 40 CRM Software Vendors
bylelandb01
 
Supply Chain Management
byRam Dutt Shukla
 
Overview Of Effective CRM Implementation And Operation
byAlan McSweeney
 
Proactive CRM for Auto DMS
byProactivesoft
 
Supply Chain Management
byNurhazman Abdul Aziz
 

Similar to Software supply chain management: Gaining velocity without losing control

PDF
Hidden Speed Bumps on the Road to "Continuous"
bySonatype
 
PPTX
Webinar: "Sicurezza e qualità del software: un viaggio attraverso vulnerabili...
byEmerasoft, solutions to collaborate
 
PDF
CloudBees and Sonatype - MeetUp
byRavi Lachhman
 
PDF
White Paper: Software Supply Chain Automation: Going Beyond Agile, Lean and D...
bySonatype
 
PDF
Optimizing Software Supply Chains
byCognizant
 
PDF
Sonatype's 2013 OSS Software Survey
bySonatype
 
PDF
Webinar: "La supply chain del software vista a raggi X"
byEmerasoft, solutions to collaborate
 
PPTX
Open DevSecOps 2019 - Securing the Software Supply Chain - Sonatype
byEmerasoft, solutions to collaborate
 
PDF
Risks in the Software Supply Chain
bySonatype
 
PDF
Risks in the Software Supply Chain
byMark Sherman
 
PPTX
Webinar: "Il software: la strategia vincente sta nella qualità"
byEmerasoft, solutions to collaborate
 
PPTX
2019 04-18 -DevSecOps-software supply chain
byCameron Townshend
 
PPTX
2015 | Continuous Acceleration: Why Continuous Everything Needs A Supply Chai...
byjoshcorman
 
PPTX
Continuous acceleration devopsdaysdc2015_corman
bydaachi
 
PDF
JUC Europe 2015: Making Strides towards Enterprise-Scale DevOps...with Jenkin...
byCloudBees
 
PPTX
7 Reasons Your Applications are Attractive to Adversaries
byDerek E. Weeks
 
PDF
Flexera Software's Why
byFlexera
 
PDF
2024 Trends in Software Supply Chain Security
byAnchore
 
PDF
Open Source 360° Survey Key Takeaways
byBlack Duck by Synopsys
 
PPTX
Live 2014 Survey Results: Open Source Development and Application Security Su...
bySonatype
 
Hidden Speed Bumps on the Road to "Continuous"
bySonatype
 
Webinar: "Sicurezza e qualità del software: un viaggio attraverso vulnerabili...
byEmerasoft, solutions to collaborate
 
CloudBees and Sonatype - MeetUp
byRavi Lachhman
 
White Paper: Software Supply Chain Automation: Going Beyond Agile, Lean and D...
bySonatype
 
Optimizing Software Supply Chains
byCognizant
 
Sonatype's 2013 OSS Software Survey
bySonatype
 
Webinar: "La supply chain del software vista a raggi X"
byEmerasoft, solutions to collaborate
 
Open DevSecOps 2019 - Securing the Software Supply Chain - Sonatype
byEmerasoft, solutions to collaborate
 
Risks in the Software Supply Chain
bySonatype
 
Risks in the Software Supply Chain
byMark Sherman
 
Webinar: "Il software: la strategia vincente sta nella qualità"
byEmerasoft, solutions to collaborate
 
2019 04-18 -DevSecOps-software supply chain
byCameron Townshend
 
2015 | Continuous Acceleration: Why Continuous Everything Needs A Supply Chai...
byjoshcorman
 
Continuous acceleration devopsdaysdc2015_corman
bydaachi
 
JUC Europe 2015: Making Strides towards Enterprise-Scale DevOps...with Jenkin...
byCloudBees
 
7 Reasons Your Applications are Attractive to Adversaries
byDerek E. Weeks
 
Flexera Software's Why
byFlexera
 
2024 Trends in Software Supply Chain Security
byAnchore
 
Open Source 360° Survey Key Takeaways
byBlack Duck by Synopsys
 
Live 2014 Survey Results: Open Source Development and Application Security Su...
bySonatype
 

Recently uploaded

PDF
ACE Aarhus February 2026: Atlassian news
byDanielEriksen5
 
PPTX
Data Skills for Business Analysts: What You Need to Succeed
byScott W. Ambler
 
PDF
Build Modern Applications with Amazon Aurora DSQL- AWS User Group Bonn 2026
byVadym Kazulkin
 
PDF
Building Smarter AI: 16 RAG Approaches for Accuracy, Memory, and Reasoning Vi...
byVineet Sharma
 
PPTX
40m_wAIred_DigitalPlatformRabobank_10022026.pptx
bySimonedeGijt
 
PDF
Ontwikkel sneller en veiliger met GitHub Copilot
byDelta-N
 
PPTX
Connecting to MCP Servers in OutSystems Platform
byOzanCali
 
PDF
Lost Android Phone Recovery_ Steps That Work Fast.pdf
byIsabella Reed
 
PDF
Introduction to Modern Artificial Intelligence.pdf
byAI n Dot Net
 
PPTX
Topic: Introduction to Storage Elements Flip-Flops.pptx
byhn486916
 
DOCX
A Comprehensive Guide To Buy Verified PayPal Accounts_.docx
bysmartusapva.com
 
PPTX
‘Analyzing Application Logs Using AI’ Webinar
byTier1 app
 
PDF
The Ultimate Guide to Real Estate Tokenization Platforms
byDaniel Smith
 
PDF
Powering Spring AI with Model Context Protocol Integration
byJuarez Junior
 
PDF
Ready, Set, REST! Introducing MySQL's Built-In REST Service
byMiguel Araújo
 
PDF
Jira, Powered by Enterprise-Grade Intelligence from NeoroTalks.pdf
byNeoro Talks
 
PDF
On Demand Massage Therapist Booking App Development
byV3CUBE TECHNOLABS
 
PDF
Langchain4J – An Introduction for Impatient Developers
byJuarez Junior
 
PDF
Doctor On Call App Development for Digital Healthcare.
byV3CUBE TECHNOLABS
 
PDF
Clean Architecture with Vertical Slice Architecture in .NET 8
byVineet Sharma
 
ACE Aarhus February 2026: Atlassian news
byDanielEriksen5
 
Data Skills for Business Analysts: What You Need to Succeed
byScott W. Ambler
 
Build Modern Applications with Amazon Aurora DSQL- AWS User Group Bonn 2026
byVadym Kazulkin
 
Building Smarter AI: 16 RAG Approaches for Accuracy, Memory, and Reasoning Vi...
byVineet Sharma
 
40m_wAIred_DigitalPlatformRabobank_10022026.pptx
bySimonedeGijt
 
Ontwikkel sneller en veiliger met GitHub Copilot
byDelta-N
 
Connecting to MCP Servers in OutSystems Platform
byOzanCali
 
Lost Android Phone Recovery_ Steps That Work Fast.pdf
byIsabella Reed
 
Introduction to Modern Artificial Intelligence.pdf
byAI n Dot Net
 
Topic: Introduction to Storage Elements Flip-Flops.pptx
byhn486916
 
A Comprehensive Guide To Buy Verified PayPal Accounts_.docx
bysmartusapva.com
 
‘Analyzing Application Logs Using AI’ Webinar
byTier1 app
 
The Ultimate Guide to Real Estate Tokenization Platforms
byDaniel Smith
 
Powering Spring AI with Model Context Protocol Integration
byJuarez Junior
 
Ready, Set, REST! Introducing MySQL's Built-In REST Service
byMiguel Araújo
 
Jira, Powered by Enterprise-Grade Intelligence from NeoroTalks.pdf
byNeoro Talks
 
On Demand Massage Therapist Booking App Development
byV3CUBE TECHNOLABS
 
Langchain4J – An Introduction for Impatient Developers
byJuarez Junior
 
Doctor On Call App Development for Digital Healthcare.
byV3CUBE TECHNOLABS
 
Clean Architecture with Vertical Slice Architecture in .NET 8
byVineet Sharma
 

Software supply chain management: Gaining velocity without losing control

  • 1.
    1 Software supply chain management: Gaining velocity withoutlosing control Yu-Chen Hsueh Customer Success Engineer yhsueh@sonatype.com (408)881-3894
  • 2.
  • 3.
  • 4.
    106,000Organizations Analyzed Source: 2015State of the Software Supply Chain Report @sonatype
  • 5.
    We all havea SOFTWARE SUPPLY CHAIN @sonatype
  • 6.
    How Dependent on3rd Parties Are We? 10% Custom Written Code Typical Application Open Source Cloud Services Closed Source 90% From 3rd Parties @sonatype
  • 7.
    Need speed, efficiency& quality for agile, continuous DevOps? Automate your software supply chain with three proven principles: Use higher quality parts Use better & fewer suppliers Track what you use and where
  • 8.
  • 9.
    CHANGE Typical component is updated3 - 4X per year. 985,000 OSS COMPONENTS 11 MILLION OSS USERS108,000 SUPPLIERS Source: 2015 State of the Software Supply Chain Report @sonatype
  • 10.
    Suppliers Serving Manufacturers Source:2015 State of the Software Supply Chain Report Orders (downloads) Suppliers (artifacts) Parts (versions) Average 240,757 7,601 18,614 @sonatype
  • 11.
    59% never repaired 41% 390 days(median 265 days). CVSS 10s 224 days <7 The best were remediated in under a week. Source: USENIX, https://www.usenix.org/system/files/login/articles/15_geer_0.pdf @sonatype
  • 12.
  • 13.
  • 14.
    Sample of Open Source Repositories 2014 Volumeof Download Requests Central.sonatype.org 17,213,084,947 Npmjs.org 15,460,748,856 NuGetGallery.com 280,124,916 Bintray.com 250,000,000 Source: 2015 State of the Software Supply Chain Report @sonatype
  • 15.
    Repository Managers Accessingthe Central Repository Source: 2015 State of the Software Supply Chain Report @sonatype
  • 16.
    Source: 2015 Stateof the Software Supply Chain Report Public Repos Local Repo Build Tool Public Repos Build Tool 95% of downloads 5% of downloads @sonatype
  • 17.
  • 18.
  • 19.
    Source: 2015 Stateof the Software Supply Chain Report 240,000Components Downloaded Annually @sonatype
  • 20.
    Q: Does yourorganization have an open source policy? Half of organizations continue to run without an open source policy. Source: 2012, 2013, 2014 Sonatype Open Source Development and Application Security Survey @sonatype
  • 21.
    If it doesnot fit, it does not get done. @sonatype
  • 22.
    Orders Quality Control Average downloads #with known vulnerabilities % with known vulnerabilities % known vulnerabilities (2013 or older) 240,757 15,337 7.5% 66.3% Download Volumes of Old CVEs Source: 2015 State of the Software Supply Chain Report @sonatype
  • 23.
  • 24.
  • 25.
    Analysis of 1,500+Applications 106 components 24 known vulnerabilities 9 restrictive licenses @sonatype
  • 26.
  • 27.
    What if manufacturersbuilt cars the way we build software: without supply chain visibility, process and automation … They could choose any supplier they want for any given part, regardless of quality. Any part can be chosen even if it is outdated or known to be unsafe. Since there is no visibility, it is very slow and costly to recall a part. There is no quality control or consistency from car to car. There is no inventory of the parts that were used, or where.
  • 28.
    1 2 3 Create a softwareBill of Materials for your application Design a frictionless, automated, “continuous” approach Empower developers with the right information at the right time @sonatype
  • 29.
    CREATE A SOFTWAREBILL OF MATERIALS bit.ly/softwareBOM 5MINUTES @sonatype
  • 30.
    Supply chain advantage Source:Toyota Supply Chain Management: A Strategic Approach to Toyota’s Renowned System, by Ananth Iyer and Sridhar Seshadri
  • 31.
    IT’S TIME WEIMPROVE OUR SOFTWARE SUPPLY CHAINS … LEVERAGING COLLABORATION + GOVERNANCE TO CREATE VALUE!