Tag Archives: open source

Better and Fewer Suppliers (2015 Software Supply Chain Report)


June 17, 2015 By
Derek Weeks
Screen Shot 2015-07-29 at 2.56.10 PM

Today I want to focus on the huge ecosystem of open source projects (“suppliers”) that feed a steady stream of innovative components into our software supply chains. In the Java ecosystem alone, there are now over 108,000 suppliers of open source components. Across all component types available to developers (e.g., RubyGems, NuGet, npm, Bower, PyPI, etc.), estimates now reach over 650,000 suppliers of open source projects.

Continue reading...

Categories: Uncategorized

Nigel’s Wake-up Call: Scaling Open Source Governance


November 3, 2014 By
Derek Weeks
Portrait of a surprised young man wearing eyeglasses

The Wake-up Call They had downloaded over 200,000 open source components in the past year.  And their open source policy…the one established to protect against license risks and security vulnerabilities?  It covered about 3% of them. This is how Nigel Simpson, Director of Architecture at a major media and entertainment company, described his organization’s “huge” […]

Continue reading...

Categories: Uncategorized

Bash 2014 – This Is Not a Party


September 25, 2014 By
Derek Weeks
Hipsters blowing confetti

I can honestly say that although referred to by the media as Shellshocked, I am neither shocked nor awed. I can’t say that I am a fan of the latest glorification of bugs like Heartbleed and Shellshock in a fashion similar to tropical storms, but if it gets more people to pay attention to the exponential growth of our reliance on software I can’t say I am too worked up about it either. One thing that is unarguable is that this just happens to be the latest (and if you are reading this before you have patched stop right now, patch, and then come back to finish).

Continue reading...

Categories: Uncategorized

What Happened Sept 16th?


September 23, 2014 By
Derek Weeks
OWASP Board

We led an invasion last week armed with a flying drone, glowing lightsabers, and the latest knowledge on open source security vulnerabilities. Our mission? Lead, share, educate, moderate, and have some fun. Our coordinates? This year’s AppSecUSA 2014 event in Denver, Colorado. If you were there, you couldn’t miss us. If you weren’t there, don’t fret…they caught the entire thing on video.

Continue reading...

Categories: Uncategorized