Thursday, October 22 • 1:00pm - 2:00pm
The Illusion of Control: Secrets Within Your Software Supply Chain


Every software development organization on the planet relies on a software supply chain that consumes a massive volume of open source and third-party components at extremely high velocity. To give a clearer sense of that volume and velocity: a global population of more than 11 million developers consumed over 20 billion components in 2014.

Leading AppSec and DevOps practices that have pursued improved visibility, supplier choices, and control mechanisms across their software supply chains have boosted developer productivity by 15-40%, crumbled mountains of security debt, and shifted millions of dollars from sustaining operations to accelerating innovation.

Yet the vast majority of organizations developing software are blind to their free-for-all consumption volume, patterns, and velocity. Their software supply chain practices are silently sabotaging efforts to accelerate development, improve efficiency and maintain the integrity of their applications.

In June, I authored the 2015 State of the Software Supply Chain Report. It is a quantitative analysis of more than 106,000 "manufacturers" (software development organizations) consuming billions of open source and third-party software components from over 100,000 "suppliers" (open source projects).

While the average large organization in the study consumed 240,000 open source and third-party software components in 2014, the study revealed:

- An average of 15,337 (7.5%) of the components consumed included known security flaws, impacting the integrity of operations

- 75% of organizations lack policies that control the use of open source and third-party components that are making their way through their software supply chains and into production

- An average application has 24 known critical or severe open source security flaws, electively built in by the development team
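The third finding above describes a control that most organizations lack: a written policy, enforced at intake, that decides whether a component with a known flaw may enter the build at all. The following is an added example of such a gate, written for this page; it is not code from the talk, from the report, or from Sonatype. It assumes a plain `group:artifact:version` manifest, dotted-integer version strings, and a constructed advisory feed whose identifiers (`ADV-0001` and so on) are placeholders, not real vulnerabilities. The point it makes beyond the abstract is that "control" means three outcomes, not one: a match is blocked, reported as a warning below the policy threshold, or admitted only through a documented waiver.

```python
"""Minimal component-intake policy gate (added example, not the talk's or
Sonatype's code). A build's resolved third-party components are checked
against an advisory feed and a written policy before they are admitted.
All identifiers and data below are constructed for illustration."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


def version_key(version: str) -> Tuple[int, ...]:
    """Order versions such as 2.10.1 numerically (assumes dotted integers)."""
    parts = version.split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version syntax: {version!r}")
    return tuple(int(p) for p in parts)


@dataclass(frozen=True)
class Advisory:
    ident: str        # constructed advisory id, e.g. "ADV-0001"
    component: str    # "group:artifact"
    fixed_in: str     # first version that carries the fix
    severity: str     # low | medium | high | critical


SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def parse_components(text: str) -> List[str]:
    """Parse 'group:artifact:version' lines; '#' starts a comment.
    Duplicates are collapsed so each coordinate is judged once."""
    seen: List[str] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(":")
        if len(parts) != 3 or not all(parts):
            raise ValueError(f"line {lineno}: expected group:artifact:version, got {raw!r}")
        if line not in seen:
            seen.append(line)
    return seen


def evaluate(components: List[str], advisories: List[Advisory],
             block_at: str = "high",
             waivers: Set[Tuple[str, str]] = frozenset()) -> Dict[str, List[Tuple[str, str]]]:
    """Classify every (component, advisory) match as blocked, waived or warned.

    A match is blocked when its severity is at or above `block_at`, unless the
    pair appears in `waivers` (a documented, reviewed exception). Lower-severity
    matches are reported as warnings: visible, but they do not fail the build."""
    by_key: Dict[str, List[Advisory]] = {}
    for adv in advisories:
        by_key.setdefault(adv.component, []).append(adv)
    result: Dict[str, List[Tuple[str, str]]] = {"blocked": [], "waived": [], "warned": []}
    threshold = SEVERITY_RANK[block_at]
    for coord in components:
        group, artifact, version = coord.split(":")
        for adv in by_key.get(f"{group}:{artifact}", []):
            if version_key(version) >= version_key(adv.fixed_in):
                continue  # this version already carries the fix
            match = (coord, adv.ident)
            if SEVERITY_RANK[adv.severity] < threshold:
                result["warned"].append(match)
            elif match in waivers:
                result["waived"].append(match)
            else:
                result["blocked"].append(match)
    return result


# Constructed build manifest and advisory feed (not real components or CVEs).
SAMPLE_COMPONENTS = """
# resolved dependencies of the example build
com.example:web-framework:2.3.1
com.example:json-parser:1.0.9
com.example:json-parser:1.0.9   # duplicate entry pulled in by a second module
org.example:logging-core:4.2.0
org.example:image-codec:0.9.7
"""

SAMPLE_ADVISORIES = [
    Advisory("ADV-0001", "com.example:json-parser", fixed_in="1.1.0", severity="critical"),
    Advisory("ADV-0002", "org.example:logging-core", fixed_in="4.1.0", severity="high"),
    Advisory("ADV-0003", "org.example:image-codec", fixed_in="1.0.0", severity="medium"),
    Advisory("ADV-0004", "com.example:web-framework", fixed_in="2.4.0", severity="high"),
]

# One reviewed exception recorded in the policy; everything else is enforced.
SAMPLE_WAIVERS = {("com.example:web-framework:2.3.1", "ADV-0004")}


def run_gate() -> Dict[str, List[Tuple[str, str]]]:
    return evaluate(parse_components(SAMPLE_COMPONENTS), SAMPLE_ADVISORIES,
                    block_at="high", waivers=SAMPLE_WAIVERS)


if __name__ == "__main__":
    report = run_gate()
    for bucket, matches in report.items():
        for coord, ident in matches:
            print(f"{bucket.upper():8} {coord} ({ident})")
    raise SystemExit(1 if report["blocked"] else 0)
```

Run stand-alone, the gate blocks the critical `json-parser` issue, admits `web-framework` only because of the recorded waiver, warns on the medium-severity codec issue, and passes `logging-core` because its version is at or above the fix. The exit status is what a CI step would key on; the waiver set is what turns an unreviewed "free-for-all" into a policy with an audit trail.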

But this discussion is not intended simply to shed light on bad practices; it is about learning. Attendees will gain new visibility into what's happening in their own software supply chains, how to avoid these elective risks, and how leading technology, banking, and government organizations are applying proven supply chain principles from other industries to improve their AppSec and DevOps practices.


Speakers

Derek E. Weeks

VP and DevSecOps Advocate, Sonatype
After flying to 40 countries and racing through a half-Ironman competition, Derek woke up one morning on the top of Kilimanjaro and saw the world in a new light. Soon after, Derek became a huge advocate of applying proven supply chain management principles to DevOps practices to improve efficiencies and sustain long-lasting competitive advantages. He currently serves as vice president and DevOps advocate at Sonatype, creators of the Nexus...


Thursday October 22, 2015 1:00pm - 2:00pm
Cypress Room Norris Conference Center, Austin