Software supply chain management: Gaining velocity without losing control
Yu-Chen Hsueh, Customer Success Engineer, yhsueh@sonatype.com, (408)881-3894
@sonatype
106,000 organizations analyzed
Source: 2015 State of the Software Supply Chain Report
We all have a software supply chain.
How dependent on 3rd parties are we?
Typical application: 10% custom written code, 90% from 3rd parties (open source, cloud services, closed source).
Need speed, efficiency & quality for agile, continuous DevOps? Automate your software supply chain with three proven principles:
1. Use higher quality parts
2. Use better & fewer suppliers
3. Track what you use and where
Change: the typical component is updated 3-4X per year.
985,000 OSS components; 108,000 suppliers; 11 million OSS users
Source: 2015 State of the Software Supply Chain Report
Suppliers serving manufacturers (average per organization)
Source: 2015 State of the Software Supply Chain Report
Orders (downloads): 240,757
Suppliers (artifacts): 7,601
Parts (versions): 18,614
Repair of known vulnerabilities:
59% never repaired.
41% repaired, taking 390 days (median 265 days); CVSS 10s took 224 days.
<7 days: the best were remediated in under a week.
Source: USENIX, https://www.usenix.org/system/files/login/articles/15_geer_0.pdf
(Chart of package counts per repository over time; source: modulecounts.com)
Sample of open source repositories: volume of download requests, 2014
Central.sonatype.org   17,213,084,947
Npmjs.org              15,460,748,856
NuGetGallery.com          280,124,916
Bintray.com               250,000,000
Source: 2015 State of the Software Supply Chain Report
Repository Managers Accessing the Central Repository
Source: 2015 State of the Software Supply Chain Report
Source: 2015 State of the Software Supply Chain Report
Public repos -> local repo (repository manager) -> build tool: 95% of downloads
Public repos -> build tool (direct): 5% of downloads
(Figure: 27; 100-200; cycle time: minutes to hours)
240,000 components downloaded annually (average per organization)
Source: 2015 State of the Software Supply Chain Report
Q: Does your organization have an open source policy?
Half of organizations continue to run without an open source policy.
Source: 2012, 2013, 2014 Sonatype Open Source Development and Application Security Survey
If it does not fit, it does not get done.
Orders quality control: download volumes of old CVEs
Average downloads: 240,757
# with known vulnerabilities: 15,337
% with known vulnerabilities: 7.5%
% of known vulnerabilities dated 2013 or older: 66.3%
Source: 2015 State of the Software Supply Chain Report
Image Source: caranddriver.com
Analysis of 1,500+ applications; per application (average):
106 components
24 known vulnerabilities
9 restrictive licenses
What if manufacturers built cars the way we build software: without supply chain visibility, process and automation …
They could choose any supplier they want for any given part, regardless of quality.
Any part can be chosen even if it is outdated or known to be unsafe.
Since there is no visibility, it is very slow and costly to recall a part.
There is no quality control or consistency from car to car.
There is no inventory of the parts that were used, or where.
1. Create a software bill of materials for your application
2. Design a frictionless, automated, "continuous" approach
3. Empower developers with the right information at the right time
Create a software bill of materials: bit.ly/softwareBOM (5 minutes)
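An added example, not Sonatype's code or the tooling the deck refers to, showing what the "track what you use and where" principle, the download quality-control table and the bill-of-materials step look like in working form: it builds a minimal inventory from a Maven pom.xml and an npm package-lock.json, identifies every component with a package URL (purl), and gates the inventory against an advisory list, flagging advisories published in 2013 or earlier as stale in the spirit of the deck's "2013 or older" bucket. The manifests, the component names under com.example and @acme, the EX-… advisory identifiers and the fixed_in field are all constructed for the example; the inventory format is a plain JSON structure rather than CycloneDX or SPDX.

```python
import json
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass, asdict

# Constructed inputs: every component, version and advisory below is invented
# for this example and names no real package or CVE.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency><groupId>com.example</groupId><artifactId>widget-core</artifactId><version>3.2.1</version></dependency>
    <dependency><groupId>com.example</groupId><artifactId>net-utils</artifactId><version>4.5.13</version></dependency>
  </dependencies>
</project>"""

SAMPLE_PACKAGE_LOCK = json.dumps({
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/left-widget": {"version": "1.1.0"},
        "node_modules/@acme/parser": {"version": "2.0.4"},
        # a second, older copy pulled in transitively: only a lockfile walk finds it
        "node_modules/@acme/parser/node_modules/left-widget": {"version": "0.9.2"},
    },
})

# Hypothetical advisory feed: versionless purl -> advisories, each with the first
# fixed version and the year it was published.
ADVISORIES = {
    "pkg:maven/com.example/widget-core": [{"id": "EX-2012-0001", "fixed_in": "3.2.2", "year": 2012}],
    "pkg:npm/left-widget": [{"id": "EX-2019-0042", "fixed_in": "1.0.0", "year": 2019}],
}
STALE_YEAR = 2013  # the deck's "2013 or older" bucket: a fix has been available for years


@dataclass(frozen=True)
class Component:
    purl: str     # package URL without the version, e.g. pkg:maven/com.example/widget-core
    version: str
    origin: str   # the manifest and path that declared it: "what you use and where"


def parse_pom(text):
    """Collect <dependency> entries from a Maven POM, ignoring the POM namespace."""
    root = ET.fromstring(text)
    found = []
    for dep in root.iterfind(".//{*}dependency"):
        fields = [dep.findtext("{*}" + tag) for tag in ("groupId", "artifactId", "version")]
        if all(fields):
            group, artifact, version = (f.strip() for f in fields)
            found.append(Component(f"pkg:maven/{group}/{artifact}", version, "pom.xml"))
    return found


def parse_package_lock(text):
    """Walk the 'packages' map of an npm lockfile (v2/v3), nested installs included."""
    lock = json.loads(text)
    found = []
    for path, meta in lock.get("packages", {}).items():
        if not path:  # "" is the root project itself, not a dependency
            continue
        name = path.rsplit("node_modules/", 1)[1]
        # purl percent-encodes the "@" of a scoped npm package namespace
        namespace = "%40" + name[1:] if name.startswith("@") else name
        found.append(Component(f"pkg:npm/{namespace}", meta["version"], f"package-lock.json:{path}"))
    return found


def version_key(version):
    """Order versions segment by segment: numeric segments numerically, others as text.
    Simplification: no semver pre-release rules (1.0-rc1 sorts after 1.0 here)."""
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in re.split(r"[.\-]", version))


def build_bom(components):
    """A minimal inventory document; a real pipeline would emit CycloneDX or SPDX."""
    return {"bomFormat": "example-inventory", "components": [asdict(c) for c in components]}


def evaluate(bom, advisories=ADVISORIES, stale_year=STALE_YEAR):
    """Gate the inventory: any component below an advisory's fixed version fails the build."""
    findings = []
    for comp in bom["components"]:
        for adv in advisories.get(comp["purl"], []):
            if version_key(comp["version"]) < version_key(adv["fixed_in"]):
                findings.append({
                    "component": f'{comp["purl"]}@{comp["version"]}',
                    "origin": comp["origin"],
                    "advisory": adv["id"],
                    "upgrade_to": adv["fixed_in"],
                    "stale": adv["year"] <= stale_year,  # the 2013-or-older bucket
                })
    return {"total": len(bom["components"]), "findings": findings, "passed": not findings}


def run():
    bom = build_bom(parse_pom(SAMPLE_POM) + parse_package_lock(SAMPLE_PACKAGE_LOCK))
    return bom, evaluate(bom)


if __name__ == "__main__":
    _, report = run()
    print(json.dumps(report, indent=2))
```

Run as a script it prints the report: the constructed inventory has five components and two findings, and the second one is the point of the exercise. The top-level left-widget is at a fixed version, but a second, older copy sits nested under @acme/parser, so a check that only reads package.json would report the application clean. Recording the origin path with each component is what makes the recall fast when the next advisory lands.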
Supply chain advantage
Source: Toyota Supply Chain Management: A Strategic Approach to Toyota's Renowned System, by Ananth Iyer and Sridhar Seshadri
It's time we improve our software supply chains … leveraging collaboration + governance to create value!
  • 4. 106,000 Organizations Analyzed. Source: 2015 State of the Software Supply Chain Report @sonatype
  • 5. We all have a SOFTWARE SUPPLY CHAIN @sonatype
  • 6. How Dependent on 3rd Parties Are We? Typical application: 10% custom written code, 90% from 3rd parties (open source, cloud services, closed source). @sonatype
  • 7. Need speed, efficiency & quality for agile, continuous DevOps? Automate your software supply chain with three proven principles: use higher quality parts; use better & fewer suppliers; track what you use and where.
  • 9. CHANGE: the typical component is updated 3-4X per year. 985,000 OSS components; 11 million OSS users; 108,000 suppliers. Source: 2015 State of the Software Supply Chain Report @sonatype
  • 10. Suppliers Serving Manufacturers. Average: orders (downloads) 240,757; suppliers (artifacts) 7,601; parts (versions) 18,614. Source: 2015 State of the Software Supply Chain Report @sonatype
  • 11. 59% never repaired. 41% repaired: 390 days (median 265 days); CVSS 10s: 224 days; <7: the best were remediated in under a week. Source: USENIX, https://www.usenix.org/system/files/login/articles/15_geer_0.pdf @sonatype
  • 14. Sample of Open Source Repositories, 2014 Volume of Download Requests: Central.sonatype.org 17,213,084,947; Npmjs.org 15,460,748,856; NuGetGallery.com 280,124,916; Bintray.com 250,000,000. Source: 2015 State of the Software Supply Chain Report @sonatype
  • 15. Repository Managers Accessing the Central Repository Source: 2015 State of the Software Supply Chain Report @sonatype
  • 16. Public Repos -> Local Repo -> Build Tool: 95% of downloads. Public Repos -> Build Tool: 5% of downloads. Source: 2015 State of the Software Supply Chain Report @sonatype
  • 17. 27
  • 19. 240,000 Components Downloaded Annually. Source: 2015 State of the Software Supply Chain Report @sonatype
  • 20. Q: Does your organization have an open source policy? Half of organizations continue to run without an open source policy. Source: 2012, 2013, 2014 Sonatype Open Source Development and Application Security Survey @sonatype
  • 21. If it does not fit, it does not get done. @sonatype
  • 22. Orders Quality Control, Download Volumes of Old CVEs: average downloads 240,757; # with known vulnerabilities 15,337; % with known vulnerabilities 7.5%; % known vulnerabilities (2013 or older) 66.3%. Source: 2015 State of the Software Supply Chain Report @sonatype
  • 25. Analysis of 1,500+ Applications: 106 components, 24 known vulnerabilities, 9 restrictive licenses. @sonatype
  • 27. What if manufacturers built cars the way we build software: without supply chain visibility, process and automation … They could choose any supplier they want for any given part, regardless of quality. Any part can be chosen even if it is outdated or known to be unsafe. Since there is no visibility, it is very slow and costly to recall a part. There is no quality control or consistency from car to car. There is no inventory of the parts that were used, or where.
  • 28. 1. Create a software Bill of Materials for your application. 2. Design a frictionless, automated, “continuous” approach. 3. Empower developers with the right information at the right time. @sonatype
  • 29. CREATE A SOFTWARE BILL OF MATERIALS: bit.ly/softwareBOM, 5 MINUTES @sonatype
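As an added example (not Sonatype's tooling and not part of the deck), the script below carries out step 1 of slide 28 and produces the kind of quality-control numbers slide 22 reports. It parses constructed `mvn dependency:list` output into a minimal CycloneDX-style Bill of Materials (the bomFormat/specVersion/components/purl layout is CycloneDX; the inline advisory field is this example's own simplification), annotates each component from a constructed advisory feed and licence map, and then reports the share of components with known vulnerabilities, the share of advisories dated 2013 or older, and the count of restrictive licences. Every coordinate, advisory id, year and licence assignment is constructed.

```python
"""Build a minimal software Bill of Materials (BOM) from a Maven dependency
listing and compute the deck's quality-control metrics.

Added example; not Sonatype's tooling and not part of the deck.  Every
coordinate, advisory id, year and licence below is constructed.
"""
from __future__ import annotations

import json
from dataclasses import dataclass, field

# Constructed: lines in the shape `mvn dependency:list` prints
# (groupId:artifactId:packaging[:classifier]:version:scope), with the log
# noise a real run contains and one duplicated line.
DEPENDENCY_LIST = """\
[INFO] The following files have been resolved:
[INFO]    com.example:web-core:jar:2.3.1:compile
[INFO]    com.example:json-util:jar:1.0.4:compile
[INFO]    com.example:xml-parser:jar:0.9.8:compile
[INFO]    com.example:crypto-lite:jar:linux-x86_64:3.1.0:compile
[INFO]    com.example:test-harness:jar:5.2.0:test
[INFO]    com.example:json-util:jar:1.0.4:compile
[INFO] BUILD SUCCESS
"""

# Constructed advisory feed: (group:artifact, affected versions, id, year).
ADVISORIES = [
    ("com.example:json-util", {"1.0.3", "1.0.4"}, "ADV-2012-0001", 2012),
    ("com.example:xml-parser", {"0.9.8"}, "ADV-2011-0007", 2011),
    ("com.example:xml-parser", {"0.9.8"}, "ADV-2014-0042", 2014),
]

# Constructed licence data; "restrictive" here means strong copyleft.
LICENSES = {
    "com.example:web-core": "Apache-2.0",
    "com.example:json-util": "MIT",
    "com.example:xml-parser": "GPL-3.0-only",
    "com.example:crypto-lite": "AGPL-3.0-only",
    "com.example:test-harness": "Apache-2.0",
}
RESTRICTIVE_LICENSES = {"GPL-3.0-only", "AGPL-3.0-only"}


@dataclass
class Component:
    group: str
    name: str
    version: str
    scope: str
    license: str = "UNKNOWN"
    advisories: list[tuple[str, int]] = field(default_factory=list)

    @property
    def purl(self) -> str:
        """Package URL, the identifier CycloneDX and SPDX use for components."""
        return f"pkg:maven/{self.group}/{self.name}@{self.version}"


def parse_dependency_list(text: str) -> list[Component]:
    """Extract unique components from dependency:list output, ignoring noise."""
    seen: dict[str, Component] = {}
    for raw in text.splitlines():
        parts = raw.replace("[INFO]", "").strip().split(":")
        if len(parts) == 5:        # group:artifact:type:version:scope
            group, name, _type, version, scope = parts
        elif len(parts) == 6:      # group:artifact:type:classifier:version:scope
            group, name, _type, _classifier, version, scope = parts
        else:
            continue               # log chatter, not a coordinate
        comp = Component(group, name, version, scope)
        seen.setdefault(comp.purl, comp)   # de-duplicate on the purl
    return list(seen.values())


def build_bom(components, advisories=ADVISORIES, licenses=LICENSES) -> dict:
    """Annotate components with advisories and licences, emit a BOM document."""
    for comp in components:
        key = f"{comp.group}:{comp.name}"
        comp.license = licenses.get(key, "UNKNOWN")
        comp.advisories = [(adv_id, year) for k, versions, adv_id, year in advisories
                           if k == key and comp.version in versions]
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "components": [
            {"type": "library", "group": c.group, "name": c.name,
             "version": c.version, "purl": c.purl, "scope": c.scope,
             "licenses": [{"license": {"id": c.license}}],
             "advisories": [{"id": i, "year": y} for i, y in c.advisories]}
            for c in components
        ],
    }


def quality_control(bom: dict, old_cutoff_year: int = 2013) -> dict:
    """Slide-22 style metrics: vulnerable share, old-advisory share, licences."""
    def pct(n: int, d: int) -> float:
        return round(100.0 * n / d, 1) if d else 0.0

    comps = bom["components"]
    advs = [a for c in comps for a in c["advisories"]]
    vulnerable = sum(1 for c in comps if c["advisories"])
    old = sum(1 for a in advs if a["year"] <= old_cutoff_year)
    restrictive = sum(
        1 for c in comps if c["licenses"][0]["license"]["id"] in RESTRICTIVE_LICENSES)
    return {
        "components": len(comps),
        "vulnerable_components": vulnerable,
        "pct_vulnerable": pct(vulnerable, len(comps)),
        "advisories": len(advs),
        "pct_old_advisories": pct(old, len(advs)),
        "restrictive_licenses": restrictive,
    }


if __name__ == "__main__":
    bom = build_bom(parse_dependency_list(DEPENDENCY_LIST))
    print(json.dumps(bom, indent=2))
    print(quality_control(bom))
```

The de-duplication on the purl is what makes the BOM an inventory rather than a log: the same version pulled by two modules is one part. Feeding the BOM to the metrics function rather than the raw listing mirrors the deck's ordering (inventory first, then quality control), so the same document can later be handed to a policy check at build time.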
  • 30. Supply chain advantage Source: Toyota Supply Chain Management: A Strategic Approach to Toyota’s Renowned System, by Ananth Iyer and Sridhar Seshadri
  • 31. IT’S TIME WE IMPROVE OUR SOFTWARE SUPPLY CHAINS … LEVERAGING COLLABORATION + GOVERNANCE TO CREATE VALUE!