As we looked back at what our readers found most intriguing in the past year, we found one central theme: managing their software supply chain. Our readers wanted to know how, in a continuous-delivery world where speed and quality often compete, they can develop software faster while becoming more profitable, ensuring quality, and managing risk.
Here are the five software supply chain blogs that piqued our readers' interest in 2014 (with more to come in 2015).
The Internet of Everything: Code, Cars and More (a three-part series)
"With software so deeply embedded in every aspect of our lives, the companies running the software are accountable for protecting the consumers using it. In fact, it is just a matter of time before software liability becomes a reality…" You can start reading this series with Part 1 – It's Just the Way Software is Made.
Code, Cars and Congress: A Time for Cyber Supply Chain Management
On December 4th, 2014, U.S. Congressional Representatives Ed Royce (R-CA) and Lynn Jenkins (R-KS) introduced H.R. 5793, the "Cyber Supply Chain Management and Transparency Act of 2014." The legislation will ensure that all contractors of software, firmware or products to the federal government provide the procuring agency with a bill of materials of all third-party and open source components used, and demonstrate that those component versions have no known vulnerabilities.
IT Supply Chain – Will Yours be Compromised
Gartner recently published research about the enterprise IT supply chain and impending threats that should encourage organizations to act. An overview of the research is available on Help Net Security: "Enterprise IT supply chains will be compromised." The title sounds ominous, but it's a good read that advises organizations to take a holistic approach to protecting the IT supply chain.
Cyber Era Brings New Kinds of Supply Chain Threats
Federal Computer Week – (International) Cyber era brings new kinds of supply-chain threats. Problems in the Defense Department's supply chain are not new. However, the prevalence of digital systems brings a newer threat: one that can be tiny in size, but huge in potential impact.
Who Really Wrote Healthcare.gov
As Marc Andreessen famously observed, "software is eating the world." The proliferation of software is indeed transformational – it is everywhere, in laptops, of course, but also in cars, planes, phones, pacemakers, insulin pumps, refrigerators, thermostats, you name it. And the principal enabling transformation behind that is open source. Well, there's certainly nothing wrong with benefiting from the collective brainpower of millions of software developers, but who are these developers? The truth is that we don't know.
It's safe to say that managing a software supply chain starts by sourcing better "supplies," whether open source or third-party components. Using better parts creates less unplanned rework. Versioning and sharing parts makes teams more efficient. And avoiding components with known security vulnerabilities and license risk reduces break-fixes and keeps your security and legal teams happy.
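The H.R. 5793 summary above calls for a bill of materials of third-party and open source components plus evidence that those versions have no known vulnerabilities, and this paragraph calls for avoiding components with known vulnerabilities. The following added example (not code from the original post, Sonatype, or Nexus) shows the core of that check: parse a constructed component/version bill of materials, compare each pinned version against a constructed advisory list with introduced/fixed version ranges, and report the affected components. Component names, advisory ids, and version ranges are all made up for illustration; only plain dotted numeric versions are supported.

```python
"""Toy bill-of-materials (BOM) check: flag components whose pinned version
falls inside a known-vulnerable version range.

Hypothetical example for illustration; not Sonatype or Nexus code, and the
advisory ids below are placeholders, not real vulnerability identifiers.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Component:
    name: str
    version: str


@dataclass(frozen=True)
class Advisory:
    component: str
    vuln_id: str            # placeholder id (constructed)
    introduced: str         # first affected version, inclusive
    fixed: Optional[str]    # first fixed version, exclusive; None if no fix yet


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.3.1' into (2, 3, 1) so versions compare numerically.
    Trailing zeros are dropped so '1.0' and '1.0.0' compare equal."""
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version syntax: {v!r}")
    t = tuple(int(p) for p in parts)
    while len(t) > 1 and t[-1] == 0:
        t = t[:-1]
    return t


def is_affected(version: str, adv: Advisory) -> bool:
    """True if version is in [introduced, fixed), or >= introduced when unfixed."""
    v = parse_version(version)
    if v < parse_version(adv.introduced):
        return False
    if adv.fixed is None:
        return True
    return v < parse_version(adv.fixed)


def parse_bom(text: str) -> List[Component]:
    """Parse a minimal 'name,version' per line BOM; '#' lines are comments."""
    components = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, version = line.partition(",")
        if not sep or not version.strip():
            raise ValueError(f"line {lineno}: expected 'name,version', got {raw!r}")
        components.append(Component(name.strip(), version.strip()))
    return components


def check_bom(components: List[Component],
              advisories: List[Advisory]) -> List[Tuple[str, str, str]]:
    """Return (component, version, vuln_id) for every matching advisory."""
    by_name = {}
    for adv in advisories:
        by_name.setdefault(adv.component, []).append(adv)
    findings = []
    for comp in components:
        for adv in by_name.get(comp.name, []):
            if is_affected(comp.version, adv):
                findings.append((comp.name, comp.version, adv.vuln_id))
    return findings


# Constructed sample bill of materials (not a real project's dependencies).
SAMPLE_BOM = """\
# constructed bill of materials: component,version
example-xml-parser,2.3.1
example-http-client,4.0.7
example-logger,1.9.0
"""

# Constructed advisories; ids and ranges are placeholders.
ADVISORIES = [
    Advisory("example-xml-parser", "ADV-0001", "2.0.0", "2.3.2"),    # 2.3.1 is affected
    Advisory("example-http-client", "ADV-0002", "3.0.0", "4.0.0"),   # 4.0.7 is past the fix
    Advisory("example-logger", "ADV-0003", "1.8.0", None),           # no fix yet: affected
]


if __name__ == "__main__":
    for name, version, vuln_id in check_bom(parse_bom(SAMPLE_BOM), ADVISORIES):
        print(f"{name} {version}: affected by {vuln_id}")
```

On the sample data the check reports the XML parser (inside the fixed range) and the logger (no fix published) and stays silent on the HTTP client, whose pinned version is past the fix. A real check would pull advisories from a vulnerability database and handle the version schemes of each ecosystem, but the shape of the question, "is this exact version inside a known-bad range?", is the same.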
Managing a software supply chain isn't easy, but it's where we should all be heading. Software supply chain might have piqued people's interest in 2014, but I'm betting that interest will translate into action in 2015.
Derek serves as vice president and DevOps advocate at Sonatype and is the co-founder of All Day DevOps -- an online community of 65,000 IT professionals.