In this session, Dr Stephen Magill presents the findings of Sonatype’s new 8th annual State of the Software Supply Chain Report. 
Over the past year, we empirically studied dependency update patterns for thousands of open source projects, analyzed hundreds of survey responses, and took a critical look at commonly-held beliefs about effectively managing security risk. Our research has uncovered a vast chasm between perceived security and reality, a number of new trends in open source consumption, and surprising benefits to certain development team structures. 
Listen and find out which practices are backed up by data and learn how to efficiently manage your open source software supply chain.