Tag Archives: software supply chain

Sacha Labourey - CEO, Cloudbees

Security as Part of Continuous Delivery with Sacha Labourey

Continuing the theme of integrating security in DevOps processes, I spoke with Sacha Labourey, CEO of Cloudbees, during a stop at CD Summit in London. As one of the main players in the software supply chain for DevOps, I was interested in Sacha’s perspective on how automated security fit into that supply chain. We start

2016 State of the Software Supply Chain Report Released

The 2nd Annual State of the Software Supply Chain Report has been released, containing information on open source download patterns from over 3000 organizations. The report is a Sonatype research project, analyzing data from over 31 billion downloads from the Central Repository and other open source repositories. Listen to the OWASP 24/7 Podcast below to

Security as Part of DevOps and Development with Jason Schmitt

Jason Schmitt’s passion is to assure security is built into the development process, not just as a bolt-on add-on. His experience in various aspects of software security has led him on a path through mobile, application and cloud security. In our conversation, Jason talks about the value OWASP provides to the security community as well

Shannon Lietz

<— Shifting Security to the Left

Software is assembled from many component parts to quickly address customer needs.  The end-to-end process of delivering value through software starts with ideation and ends with a finished product or service that significantly improves the lives of its customers.  Some depict the Software Supply Chain from right to left enumerating the Continuous Delivery of software

Damon Edwards

Ops Happens: Improve Security Without Getting in the Way – Damon Edwards at RSAC 2016 [Video]

Editor’s Note: This video is from the 16 part series, “DevOps Connect: Rugged DevOps at RSA Conference 2016”. The entire series is available, on-demand to members of TheNexus Community. At RSAC 2016, Damon Edwards from SimplifyOps exposed the design patterns developing in the DevOps community when

Communication Patterns in Open Source Component Supply Chains

Editor’s Note: After the publication of this article, I was able to speak with Dr. Murphy about the research for her project and the future plans for her and Dr. Marc Palyart to extend the project. You can listen to the full interview below. If your development project uses the Central Repository, your project is part

Taking over the World

Rework is Choking Software (2015 State of the Software Supply Chain Report)

Rework is Hell “Software may be eating the world, but rework is choking software”, tweeted John Jeremiah (@j_jeremiah).  To shed more light on what is choking software, new data was released last week in the 2015 State of the Software Supply Chain Report. In its discussion of application quality and integrity, the report revealed that