What is the impact of software supply chain security challenges?

Digital innovation creates competitive advantage and value for every type of business. Three things are common among corporate software engineering teams:

They seek faster innovation
They seek improved security
They utilize a massive volume of open source libraries

Faster innovation does not mean that developers need to reinvent the wheel. Instead, faster innovation demands efficient reuse of code, which has led to a growing dependence on open source and third-party software libraries. Developers are using artifacts from public software repositories (npm, Maven Central, PyPI, NuGet Gallery, RubyGems, etc.) as reusable building blocks. This is what defines the modern software supply chain.

According to a recent report by Sonatype, developers around the world are projected to request more than 1.5 trillion open source software components and containers in 2020. This reliance on open source components greatly speeds up innovation, but it often comes at a high price: many of the components available for download contain dangerous vulnerabilities.

Choosing open source software should be considered an important strategic decision for enterprise software development organizations. Just as traditional manufacturing supply chains select parts from approved suppliers and rely upon formalized procurement practices, development teams should adopt similar criteria for their open source components to ensure the highest quality parts are selected from reputable suppliers.


However, the reality is a bit different. Development teams often rely on an unchecked variety of open source software projects. Each team member can make their own sourcing and procurement decisions, placing trust in their component’s authenticity and integrity. The complexity of multi-layered open source software supply chains can obfuscate risk for those seeking to avoid it ..