Tag Archives: Compliance

The Cost to DevOps: 27 Mufflers


July 16, 2015 By
Derek Weeks
Screen Shot 2015-07-29 at 2.51.00 PM

Imagine that you are designing the 2016 Range Rover line of sport utility vehicles. Like all gas powered vehicles, each one needs an exhaust muffler. Range Rover likely has narrowed in on a preferred provider of mufflers. But imagine what would happen if the designers and factory line workers could pick from any one of 27 past versions of that muffler from their preferred provider for the new model year.

Continue reading...

Better and Fewer Suppliers (2015 Software Supply Chain Report)


June 17, 2015 By
Derek Weeks
Screen Shot 2015-07-29 at 2.56.10 PM

Today I want to focus on the huge ecosystem of open source projects (“suppliers”) that feed a steady stream of innovative components into our software supply chains. In the Java ecosystem alone, there are now over 108,000 suppliers of open source components. Across all component types available to developers (e.g., RubyGems, NuGet, npm, Bower, PyPI, etc.), estimates now reach over 650,000 suppliers of open source projects.

Continue reading...

DevOps Leadership Series: Gov Does DevOps


May 27, 2015 By
Derek Weeks
Screen Shot 2015-07-29 at 4.30.20 PM

This past week, I had the opportunity to catch up with some more industry thought leaders at the DevOpsDays DC event in our nation’s capital. This was the first major DevOps Days event to feature a large audience of government participants. It was an awesome event and is certainly going to be on my must-attend list for next year.

Continue reading...

3 Reasons Manual Policies Just Don’t Work


June 10, 2014 By
Derek Weeks
Current State of Open Source Policies

Over the past four years, Sonatype has surveyed open source development organizations and year after year, we find that developers have the best intentions. They strive to build good quality code, free of defects and flaws but when it comes to policies that enforce these standards, the manual review process is at odds with how developers really work. If you don’t believe me, here are just a few examples of how developers describe the challenge manual policies create.

Continue reading...

PCI 3.0 – Secure Payment Requires Secure Components


November 14, 2013 By
Derek Weeks

Well there is nothing like an updated specification that drives action or interest in a topic. We’re seeing that with the introduction of PCI 3.0. While there are several key updates to the specification, the one I find most interesting reflects the reality of how applications are constructed today – from components. It’s great to […]

Continue reading...