High velocity -- in baseball slang, a fast ball is called an aspirin; the movement is so fast that the possibility of contact with the ball seems impossibly small.
In open source software, the explosive growth is called reality. To our CEO Wayne Jackson, this incredible velocity is “game on.”
In today’s keynote address at the 2019 Nexus Users Conference, Wayne was asked how DevOps and DevSecOps philosophies fit into the incredible open source growth powering the world’s economy. He described the DevOps evolution as being in the “bottom of the 2nd or top of 3rd” inning -- evolving, but not at all finished -- and DevSecOps as just getting started: 1st inning, and 0 - 0 on the board.
His views stem from where we’ve been, where we’re going, and how fast we’re traveling.
Where We’ve Been
Wayne began by describing how, just five years ago, the invention of modular languages, like Maven, was radically changing the software production landscape. Artistry was now possible with assembly-like benefits. Communities of developers shared components, reusable building blocks that sped innovations into software development.
Our co-founder, Brian Fox, for example, played a large role in the burgeoning use and maintenance of Maven Central.
“A compelling idea could now easily leverage parts made by others and play an instrumental role in the world,” Wayne noted. “At first, approximately ten years ago, many people, myself included, did not appreciate how open source software had changed.”
He went on to explain that open source modularity meant software could be built with remarkable speed, and quickly enter the market. This was a significant competitive edge. Products created using open source software became business-driving, market differentiators in their fields.
Where We’re Going
DevOps and DevSecOps Adoption
“Developers are the frontlines of all of this,” Wayne said, discussing the important role developers play today at the center of the global economy. They must be empowered to build quality software with security measures baked in; this requires new tools. Developers alone cannot be held responsible for quality.
C-level management is stepping up. “Organizations, top to bottom, are becoming aware they rely on open source software that is vital to their existence. Now executives are aware their companies are built on the inventions of strangers.”
The coming challenges are how to adapt new processes -- DevOps and DevSecOps -- without undue disruption.
The Commons and the Companies
Wayne acknowledges an ongoing conversation about the value of the commons and the responsibilities of businesses that benefit from community-driven output. “We as a global set of communities have to figure this out,” he says.
For example, Wayne sees a need -- and responsibility -- for corporations that financially benefit from open source software to actively give back to the communities that develop it. He cites Goldman Sachs as an example. Goldman is giving back, not just to be “fair”, but because it protects their bottom line. He predicts more of this, adding that for-profit businesses must be good stewards to the communities that provide open source components.
Solve for the Supply Chain
“When we solve the software supply chain, we simultaneously improve hygiene and lower our surface area for better security,” Wayne emphasized.
He adds that this is the most fascinating time in his career because so much change is happening so fast, and affecting so many industries. Sonatype was among the first to even start thinking of the global dependencies, and the ramifications. And, we’re constantly looking toward the future. While we’re in search of the home run -- we’re just getting started.