Open Season on Open Source? Why It’s Time for a Software Supply Chain

Joshua Corman’s presentation at ØREDEV 2014 in Sweden brings up the idea of a software supply chain. Josh’s premise is that “Is Open Source more secure?” is the wrong question. Listen to his full presentation and let us know what you think.


Session Description

“Is Open Source more secure?” is the wrong question. Also, who needs opinion when we have data… This session will provide new quantitative and qualitative analysis of the modern software supply chain. There’s been a dramatic shift from writing code to assembling it, with open-source and third-party components providing the innovation and efficiency developers need. This dependence on components is growing faster than the ability to secure them.

As with Heartbleed, Struts, and the like, shared components are increasingly shared risk. Worse, components are increasingly the preferred attack surface in today’s applications. Growing dependence, coupled with poor security visibility, requires small but important adjustments to application development. Join us for fresh analysis and practical ways to minimize avoidable risk and rework.

Joshua Corman

In his capacity as CTO, Josh researches new technologies and software development trends to help evolve Sonatype’s product strategy. Additionally, Josh is working with the broader IT community as well as policy and standards bodies to improve software development security standards and best practices. Prior to Sonatype, Josh served as a security researcher and executive at Akamai Technologies, The 451 Group, and IBM Internet Security Systems, among other firms. A well-regarded innovator, he co-founded Rugged Software and IamTheCavalry to encourage the development of new cyber security solutions in response to the world’s increasing reliance on digital infrastructure. Josh’s unique approach to addressing cyber security in the context of human factors and social impact has helped position him as one of the most trusted names in IT security. He also serves as adjunct faculty for Carnegie Mellon’s Heinz College, IANS Research, and as a Fellow at the Ponemon Institute.
