Code, Cars, and Congress: A Time for Cyber Supply Chain Management

CEO, Wayne Jackson

CEO Wayne Jackson has created an overview article related to H.R. 5793, the “Cyber Supply Chain Management and Transparency Act of 2014.”

In light of this new legislation, I thought it would be worthwhile to revisit a set of discussions I started earlier this year focused on changes in software development, the prolific use of open source components today, and our need to embrace software supply chain management principles. — Wayne Jackson


Here’s an excerpt from Wayne’s article. You can read the entire article on


Today software runs the things that run our world. In fact, I’m starting to see the pundits talk not just about securing and protecting our applications, but about embracing software supply chain management. With software so deeply embedded in every aspect of our lives, the companies running the software are accountable for protecting the consumers using it. In fact, it is just a matter of time before software liability becomes a reality (but that is a topic for another day).

Just like automobile manufacturers, software “manufacturers” need to apply supply chain management principles for both efficiency and quality. They need to be prepared to conduct a rapid and comprehensive “recall” when a defect is found. And today’s modern development practices make this, well, challenging to say the least.

As U.S. Representative Ed Royce (R-CA) introduced the Cyber Supply Chain Management and Transparency Act of 2014 last week, he stated, “It is precisely because of the importance of open source components to modern software development, that we need to ensure integrity in the open source supply chain, so vulnerabilities are not populated throughout the hundreds of thousands of software applications that use open source components.”

Bear with me a moment, as I take you through a quick history of Toyota’s supply chain innovations … then I promise to bring this back to your own software supply chain.

Read the full article

Wayne currently serves as the CEO of Sonatype, Inc., the leaders in Component Lifecycle Management and creators of Maven and other technologies used by millions of software developers worldwide. Prior to joining Sonatype, Wayne served as the CEO of open source network security pioneer Sourcefire, Inc. (NASDAQ:FIRE), which he guided from fledgling start-up through an IPO in March of 2007, later acquired by Cisco for $2.7 billion.