Analysis of 25,000 applications reveals 6.8% of packages/components used
included known defects. Organizations standardizing on components between 2 and
3 years of age can decrease defect rates substantially.
Open source and third-party packages/components live at the heart of high
velocity software development organizations. Today, an average of 106
packages/components comprise 80-90% of a modern application, yet few
organizations have visibility into what components are used where.
Use of known defective components leads to quality and security issues within
applications. While developers save tremendous amounts of time by sourcing
software components from outside their organizations, they often don't have
time to check those component versions against known vulnerability databases
or internal policies.
In Sonatype's 2016 State of the Software Supply Chain repor...
Software components that were once good can sour instantly when new
vulnerabilities are discovered within them. When that happens, the bears are
coming, and you have to respond quickly.
Two men are walking through a forest. Suddenly, they see a bear off in the
distance, running toward them. Adrenaline pumping, they start running away.
But then one of them stops, takes some running shoes from his bag and starts
putting them on.
"Frank, what are you doing?" says the other man. "Do you think you will run
faster than the bear with those?"
"I don't need to run faster than the bear," ...
At the recent DEVNEXUS conference in Atlanta, Sonatype's Mark Miller
(@TSWAlliance) caught up with Ian Buchanan (@devpartisan) for the latest
segment in our 2016 DevOps Leadership Series. Ian discussed his experiences
at Atlassian, including continuous delivery, ChatOps, and use of tools like
Bamboo, Nexus, Puppet, and Datadog.
Watch the full interview with Ian Buchanan - Atlassian Developer Advocate
Ian Buchanan: I'm Ian Buchanan. I'm a Developer Partisan at Atlassian which
is developer advocacy for our developer tools.
Mark Miller: Ian, most people know Atlassian from solution...
I had the chance to catch up with Jeff Sussna ahead of his keynote address on
continuous design, scheduled for DevOpsDays Atlanta, April 26-27. Jeff
discussed the importance of designing for service, responding to the
unexpected, and the importance of building empathy across teams.
Derek Weeks: Today, I'm really happy that we have Jeff Sussna joining us for
the latest in this series. Jeff, why don't you introduce yourself?
Jeff Sussna: Sure. Thanks for having me. I'm an independent consultant. I've
been around since rocks were young or the 80s, whichever is older. My
particular b...
In September 2014, Apple made encryption default with the introduction of the
iPhone 6. Then, in February 2016, a Los Angeles judge issued an order to
Apple to help break into the encrypted iPhone belonging to a terrorist
involved in a mass shooting.
Apple had used some of the strongest encryption technologies and practices to
protect its users and their data. The encryption technology did not
discriminate between lawful and unlawful users. While there were many sides
to this issue, it surfaced many important debates on security, privacy, and
For develo...