Part 1: The Internet of Everything: Code, Cars, and More

July 17, 2014 By Wayne Jackson

3 minute read time

What follows is part 1 of a three-part blog series.

Part 1: It’s Just the Way Software is Made

Today software runs the things that run our world. The pundits are starting to talk not just about the Internet of Things, but about the Internet of Everything. With software so deeply embedded in every aspect of our lives, the companies running that software are accountable for protecting the consumers who use it. It is only a matter of time before software liability becomes a reality (but that is a topic for another day).

Just like automobile manufacturers, software “manufacturers” need to apply supply chain management principles for both efficiency and quality. They need to be prepared to conduct a rapid and comprehensive “recall” when a defect is found. And today’s modern development practices make this, well, challenging to say the least.

Bear with me a moment, as I take you through a quick history of Toyota’s supply chain innovations … then I promise to bring this back to your software supply chain.

Toyota Transforms and Outperforms (Laying Agile Foundations)

In 1926, Sakichi Toyoda founded Toyoda Automatic Loom Works. From the start, he obsessed over efficiency and automation. He invented and ran the most advanced looms in the world, delivering dramatic improvements in quality and a 20-fold increase in productivity. Perfection and efficiency were so ingrained in his production processes that, for example, his looms stopped automatically whenever a thread broke.

When Sakichi’s son, Kiichiro, decided to move from textiles to auto manufacturing, the apple did not fall far from the tree. Kiichiro set about optimizing everything conceivable in the production of automobiles. His production innovations, eventually called the Toyota Production System (TPS), gave rise to Lean Manufacturing and Supply Chain Management principles.

Today, the effect of these principles on Toyota’s efficiency is remarkable. Company-wide, Toyota has a total of 226 suppliers while GM has more than 5,000. Toyota produces only 27% of the content of its vehicles while GM produces more than 54% of its own. That means GM has more than twenty times the suppliers yet still builds twice as much of each vehicle itself. The result? A Chevy Volt sells for nearly double the price of a Toyota Prius while the Prius outsells the Volt nearly fifteen to one.

The First Wave: Toyota’s Principles Drive the Innovations in Agile

Toyota’s principles not only improved auto manufacturing, but also extended to many other industries including software development. As early as 2000, Fujitsu Software Technologies -- desperate to improve productivity and overcome IT budget deflation in the post-bubble economy -- decided to experiment with applying TPS Lean Manufacturing to software development. This effort led to a wave of innovation in agile software development. A success that, in hindsight, is not at all surprising.

The Second Wave: Agile Meets Component-Based Development

Agile methods took up Toyota’s lean manufacturing principles in the form of iterative and incremental development, but Fujitsu did not do much with Toyota’s supply chain management innovations: sourcing reliable, thoroughly tested “parts” that serve your people and processes. This is where another transformational change in the software development ecosystem is just beginning to come into play: the use of open source and the embrace of component-based software development. That is, agile software development must now meet supply chain management.

Today, roughly 90% of a typical application is composed of open source and third-party components. The open source community is the dominant supplier of software building blocks, and the components it develops feed virtually all software development “supply chains”. Development organizations pull these components into their supply chain usually from public repositories, and often without any record of which versions they depend on or where those versions came from.

To give you a sense of the scale of operations in today’s software “manufacturing” supply chains, the largest source of Java components, known as the “Central Repository”, clocked 13 billion downloads last year alone, more than 35 million components every day. That dramatically understates real usage, because more than a quarter of the download requests came from local component repositories (such as Nexus) that are in turn accessed by whole teams of developers.

Today’s reality: software assembly (together with agile) is just the way software is made.
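The “recall” the post calls for only works if you first know which components your application is assembled from and at what versions. The script below is an added example (not code from the original post or from Sonatype): it parses a constructed Maven pom.xml, builds a component inventory with `${property}` versions resolved, and matches that inventory against a constructed recall list of defective version ranges. All coordinates, versions and recall entries are made up for illustration; the pom.xml namespace is the real Maven one.

```python
"""Component inventory plus "recall" check for a Maven manifest.

Added example, not part of the original post. The pom.xml, the
coordinates and the recall list below are constructed for illustration.
"""
import re
import xml.etree.ElementTree as ET
from typing import Dict, List, Tuple

# Constructed sample manifest (not any real project's pom.xml).
SAMPLE_POM = """<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId>
  <artifactId>shop</artifactId>
  <version>1.0.0</version>
  <properties>
    <parser.version>2.3.1</parser.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.example.parsers</groupId>
      <artifactId>fastparser</artifactId>
      <version>${parser.version}</version>
    </dependency>
    <dependency>
      <groupId>org.example.http</groupId>
      <artifactId>httpkit</artifactId>
      <version>4.10.2</version>
    </dependency>
    <dependency>
      <groupId>org.example.util</groupId>
      <artifactId>strings</artifactId>
      <version>0.9</version>
      <scope>test</scope>
    </dependency>
  </dependencies>
</project>
"""

# Constructed recall list: (groupId, artifactId, first affected version
# inclusive, first fixed version exclusive). Hypothetical entries only.
RECALLS = [
    ("org.example.parsers", "fastparser", "2.0.0", "2.3.4"),
    ("org.example.http", "httpkit", "4.0.0", "4.10.0"),
]

NS = {"m": "http://maven.apache.org/POM/4.0.0"}


def _text(el: ET.Element, name: str):
    child = el.find(f"m:{name}", NS)
    return child.text.strip() if child is not None and child.text else None


def inventory(pom_xml: str) -> List[Dict[str, str]]:
    """Components a pom.xml declares directly, with ${property} versions resolved."""
    root = ET.fromstring(pom_xml)
    props = {}
    props_el = root.find("m:properties", NS)
    if props_el is not None:
        for p in props_el:  # tag carries the namespace: '{...}parser.version'
            props[p.tag.split("}", 1)[-1]] = (p.text or "").strip()
    components = []
    for dep in root.findall("m:dependencies/m:dependency", NS):
        # Versions managed by a parent or <dependencyManagement> are not visible
        # in this file alone; mark them so they are not silently skipped.
        version = _text(dep, "version") or "unknown"
        version = re.sub(r"\$\{([^}]+)\}",
                         lambda m: props.get(m.group(1), m.group(0)), version)
        components.append({
            "group": _text(dep, "groupId"),
            "artifact": _text(dep, "artifactId"),
            "version": version,
            "scope": _text(dep, "scope") or "compile",
        })
    return components


def version_key(version: str) -> Tuple[int, ...]:
    """Numeric sort key padded to four parts: '2.3.1-SNAPSHOT' -> (2, 3, 1, 0).

    Qualifiers after '-' are dropped, so this treats 2.3.1-SNAPSHOT as 2.3.1;
    good enough for a range check, not a full Maven version comparison.
    """
    core = version.split("-", 1)[0]
    nums = [int(p) if p.isdigit() else 0 for p in core.split(".")]
    return tuple((nums + [0, 0, 0, 0])[:4])


def in_range(version: str, lower: str, upper: str) -> bool:
    """True when lower <= version < upper by numeric comparison."""
    return version_key(lower) <= version_key(version) < version_key(upper)


def recalled_components(components, recalls) -> List[Dict[str, str]]:
    """Inventory entries whose version falls in a recalled range."""
    hits = []
    for c in components:
        if c["version"] == "unknown":
            continue  # cannot judge; caller should resolve the effective POM
        for group, artifact, lower, fixed in recalls:
            if (c["group"], c["artifact"]) == (group, artifact) and in_range(c["version"], lower, fixed):
                hits.append({**c, "affected": f"[{lower}, {fixed})", "fixed": fixed})
    return hits


if __name__ == "__main__":
    inv = inventory(SAMPLE_POM)
    for c in inv:
        print(f"{c['group']}:{c['artifact']}:{c['version']} ({c['scope']})")
    for h in recalled_components(inv, RECALLS):
        print(f"RECALL {h['group']}:{h['artifact']}:{h['version']} "
              f"affected {h['affected']}, upgrade to {h['fixed']}")
```

Run against the sample, only `fastparser` 2.3.1 is flagged (`httpkit` 4.10.2 is past the fixed version). Two caveats a real recall has to handle that this script does not: transitive dependencies, which do not appear in the pom.xml at all, and versions inherited from a parent POM, which show up here as `unknown` and must be resolved from the effective POM before they can be judged.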

In the next part of this blog series, we’ll take a drive down the software supply chain to help you understand where your software has really come from.

---


Tags: Cyber Supply Chain Management and Transparency Act, H.R. 5793, government open source software (GOSS), agile development, Sonatype Says, Software Supply Chain, open source components, Cyber Chain Integrity Act, Wayne Jackson, component development, open source software supply chain, Open Source, Cyber Supply Chain, Software supply chain management, internet of everything, AppSec Spotlight

Written by Wayne Jackson

Wayne is the CEO of Sonatype, a role he has held since 2010. Prior to Sonatype, Wayne served as the CEO of open source network security pioneer Sourcefire, Inc. (NASDAQ:FIRE), which he guided from fledgling start-up through an IPO in March of 2007, later acquired by Cisco for $2.7 billion. Before Sourcefire, Wayne co-founded Riverbed Technologies, a wireless infrastructure company, and served as its CEO until the sale of the company for more than $1 billion in March of 2000.