Resources Blog The Software Supply Chain Piques Interest

The Software Supply Chain Piques Interest

supply chain managementAs we looked back at what our readers found most intriguing in the past year, we found one central theme: managing their software supply chain. Our readers wanted to know in a continuous world, where speed and quality often compete, how can they develop software faster while becoming more profitable ensuring quality and managing risk.

Here are the five software supply chain blogs that piqued our readers interest in 2014: (with more to come in 2015)

The Internet of Everything: Code, Cars and More (a 3-part series)
“With software so deeply embedded in every aspect of our lives, the companies running the software are accountable for protecting the consumers using it. In fact, it is just a matter of time before software liability becomes a reality…” You can start reading this series with, Part 1 – It’s Just the Way Software is Made.

Code, Cars and Congress: A Time for Cyber Supply Chain Management
On December 4th, 2014, U.S. Congressional Representatives Ed Royce (R-CA) and Lynn Jenkins (R-KS) introduced H.R. 5793, the “Cyber Supply Chain Management and Transparency Act of 2014.” The legislation will ensure all contractors of software, firmware or products to the federal government provide the procuring agency with a bill of materials of all third party and open source components used, and demonstrate that those component versions have no known vulnerabilities.

IT Supply Chain – Will Yours be Compromised
Gartner recently published research about the enterprise IT supply chain and impending threats that should encourage organizations to act. An overview of the research is available on Help Net Security: “Enterprise IT supply chains will be compromised”. The title sounds ominous, but it’s a good read that advises organizations to take a holistic approach to protecting the IT supply chain.

Cyber Era Brings New Kinds of Supply Chain Threats
Federal Computer Week – (International) Cyber era brings new kinds of supply-chain threats. Problems in the Defense Department‘s supply chain are not a new issue, however, the prevalence of digital systems brings a newer kind of threat: one that can be tiny in size but huge in potential impact.

Who Really Wrote
As Marc Andreessen famously observed, “software is eating the world”. The proliferation of software is, indeed, transformational – it is everywhere, in laptops, of course, but also in cars, planes, phones, pacemakers, insulin pumps, refrigerators, thermostats, you name it. And the principal enabling transformation behind that is open source. Well there’s certainly nothing wrong with benefiting from the collective brainpower of millions of software developers, but who, exactly, are these developers? The truth is that, for the most part, we don’t know.

It's safe to say that it starts by sourcing better 'supplies' either open source or 3rd party components. Using better parts creates less unplanned rework. Versioning and sharing parts, makes teams more efficient. And avoiding the use of components with known security vulnerabilities and license risk, reduces break-fixes and keeps your security and legal teams happy.

Managing a software supply chain isn't easy but its where we should all be heading. Software supply chain might have piqued people's interest in 2014 but I'm hedging that interest will translate into action in 2015.

Picture of Derek Weeks

Written by Derek Weeks

Derek serves as vice president and DevOps advocate at Sonatype and is the co-founder of All Day DevOps -- an online community of 65,000 IT professionals.