When developers and suppliers carefully list the tools used to build an application and what third-party components are included, IT can improve software patching and updates.
DevOps Express initiative aims to streamline the way enterprises transform their software development and delivery processes to DevOps.
The software world is being flooded with open source products. In fact, the federal government has an open-source-first policy. But maybe it's time to stop and think about the sources of open source: where does all that code originate? The answer is the software supply chain, and that is something Derek Weeks, vice president and DevOps advocate at Sonatype, looks at carefully. He joins Federal Drive with Tom Temin.
What: The 2016 State of the Software Supply Chain report from Sonatype, detailing the use of open source components in software. Why: Because 80 to 90 percent of today's software applications are assembled from component parts, increasingly open source ones, defect rates and security and quality issues abound within the software supply chain. Adopting supply chain automation principles, however, could reduce vulnerabilities.
Companies that develop enterprise applications download over 200,000 open-source components on average every year -- and one in 16 of those components has security vulnerabilities.