Tag Archives: software supply chain

Software Supply Chains: DevOps Lessons Learned from Southwest Airlines

November 23, 2015 By
Wayne Jackson

I was talking to a new business acquaintance the other day and had a really interesting exchange. It went something like this: Him: So, what does Sonatype do? Me: We work in the software development realm doing this new thing called Software Supply Chain Automation. Him: What does that mean? Me: Well, modern software is, […]

Continue reading...

Make Nexus Part of the DevOps Dozen

August 6, 2015 By
Zach Peretti
Screen Shot 2015-08-06 at 10.33.44 AM

DevOps.com has compiled a list of companies they believe to be the most well known DevOps products in the market today. We are excited and honored to have Nexus nominated under the repository manager category. As DevOps.com put it — “To succeed in todays speed of business, app-centric world the old ways of doing business […]

Continue reading...

Rework is Choking Software (2015 State of the Software Supply Chain Report)

June 23, 2015 By
Derek Weeks

“Software may be eating the world, but rework is choking software”, tweeted John Jeremiah (@j_jeremiah). To shed more light on what is choking software, new data was released last week in the 2015 State of the Software Supply Chain Report.

Continue reading...

Better and Fewer Suppliers (2015 Software Supply Chain Report)

June 17, 2015 By
Derek Weeks
Screen Shot 2015-07-29 at 2.56.10 PM

Today I want to focus on the huge ecosystem of open source projects (“suppliers”) that feed a steady stream of innovative components into our software supply chains. In the Java ecosystem alone, there are now over 108,000 suppliers of open source components. Across all component types available to developers (e.g., RubyGems, NuGet, npm, Bower, PyPI, etc.), estimates now reach over 650,000 suppliers of open source projects.

Continue reading...

We Lack Building Codes for Building Software Code [VIDEO]

June 15, 2015 By
Mark Miller
Screen Shot 2015-07-29 at 11.34.31 AM

At Josh Corman’s presentation during AppSecEU 2015, he brought up the analogy of buildings codes, those laws and regulations that mandate how architectural buildings are built. It’s the reason earthquakes in some regions of the world are so devastating, while even stronger ones in other areas cause minimal damage.

Continue reading...

The 2015 State of the Software Supply Chain Report

June 11, 2015 By
Derek Weeks
Screen Shot 2015-07-29 at 2.58.40 PM

In April of this year, I embarked on a six-week journey diving deep into an analysis of the world’s software supply chains. I evaluated the practices of 106,000 organizations, the 100,000+ suppliers they relied on, and the billions of software components that fueled their agile, continuous delivery and DevOps practices.

Continue reading...

The Software Supply Chain Piques Interest

February 9, 2015 By
Derek Weeks
3d illustration of a gold chain - conceptual image

As we looked back at what our readers found most intriguing in the past year, we found one central theme: managing their software supply chain. Our readers wanted to know in a continuous world, where speed and quality often compete how can they develop software faster while becoming more profitable ensuring quality and managing risk.

Continue reading...

Trusting Third-Party Code That Can’t Be Trusted

July 22, 2014 By
Derek Weeks
Code that can't be trusted

Paul Roberts (@paulfroberts) at InfoWorld recently shared his perspective on “5 big security mistakes coders make”. First on his list was trusting third-party code that can’t be trusted. Paul shares: “If you program for a living, you rarely — if ever — build an app from scratch. It’s much more likely that you’re developing an application from a pastiche of proprietary code that you or your colleagues created, partnered with open source or commercial, third-party software or services that you rely on to perform critical functions.

Continue reading...

Part 3: The Internet of Everything: Code, Cars, and More

July 21, 2014 By
Wayne Jackson
Component Complexity

In part two of my blog ‘A Closer Look at Today’s Software Supply Chain’, I discussed why human-speed supply chain management can’t keep pace with today’s agile software development practices and why high quality software components are not simply a given. In this final segment, I will share a real world story on how thousands of organizations sourced one “bad part” named Bouncy Castle in 2013.

Continue reading...