CEO Wayne Jackson has written an overview article on H.R. 5793, the “Cyber Supply Chain Management and Transparency Act of 2014.”
In light of this new legislation, I thought it would be worthwhile to revisit a set of discussions I started earlier this year focused on changes in software development, the prolific use of open source components today, and our need to embrace software supply chain management principles. — Wayne Jackson
Here’s an excerpt from Wayne’s article. You can read the entire article on blogs.Sonatype.com.
Today software runs the things that run our world. In fact, I’m starting to see the pundits talk not just about securing and protecting our applications, but about embracing software supply chain management. With software so deeply embedded in every aspect of our lives, the companies running the software are accountable for protecting the consumers using it. In fact, it is just a matter of time before software liability becomes a reality (but that is a topic for another day).
Just like automobile manufacturers, software “manufacturers” need to apply supply chain management principles for both efficiency and quality. They need to be prepared to conduct a rapid and comprehensive “recall” when a defect is found. And today’s modern development practices make this, well, challenging to say the least.
As U.S. Representative Ed Royce (R-CA) introduced the Cyber Supply Chain Management and Transparency Act of 2014 last week, he stated, “It is precisely because of the importance of open source components to modern software development, that we need to ensure integrity in the open source supply chain, so vulnerabilities are not populated throughout the hundreds of thousands of software applications that use open source components.”
Bear with me a moment, as I take you through a quick history of Toyota’s supply chain innovations … then I promise to bring this back to your own software supply chain.