Picture this: an auto manufacturer with no clue what parts are in its supply chain, where those parts come from and no ability to recall those parts if vulnerabilities are discovered.
That’s not a reality consumers would accept. So why do organizations (and manufacturers!) tolerate it when it comes to software?
On this week’s episode of Dev Interrupted, Brian Fox, co-founder & CTO, and Stephen Magill, VP of Product Innovation, join us to talk about Sonatype’s State of the Software Supply Chain Report.
Listen as Brian and Stephen explain the ins and outs of open source risk management, how companies that aren’t open source maintainers can do a better job protecting themselves and why cybercrime is like “VC funds for the bad guys.”
Episode Highlights:
- (1:48) Brian's and Stephen's background
- (5:21) State of the Software Supply Chain Report
- (9:53) 4 practices of secure teams
- (12:43) What eng leaders need to know about their software supply chain
- (22:20) Cybercrime is like "VC funds invested into the bad guys"
- (28:38) Security issues gap between management and ICs
While you’re here, check out this video from our YouTube channel, and be sure to like and subscribe when you do!
Want to cut code-review time by up to 40%? Add estimated review time to pull requests automatically!
gitStream is the free dev tool from LinearB that eliminates the No. 1 bottleneck in your team’s workflow: pull requests and code reviews. After reviewing the work of 2,000 dev teams, LinearB’s engineers and data scientists found that pickup times and code review were lasting 4 to 5 days longer than they should be.
The good news is that they found these delays could be eliminated largely by adding estimated review time to pull requests!
Top comments (0)