Achieving a Managed State Model For Your Software Supply Chain

Santi Mulukutla, Customer Success Engineer at Sonatype, invites you to embrace ambiguity.

Building a successful software supply chain means developing a framework. Most importantly, that framework should be flexible and scalable. It should continue to prompt questions to keep your team moving forward. In other words: a framework for change.

Her talk, Achieving a Managed State Model for Your Software Supply Chain, at the Nexus User Conference, explores how a flexible framework enhances the stability of the software supply chain.

As with reading, cooking, and sports — three activities every human does, to some degree — a framework is necessary for best results. Delicious food is produced through orderly steps; life-changing books depend on your capacity to understand words. They have additional commonalities, too, says Santi. All have clear starting points. Each activity has a path to completion. Simple steps move the process forward.

Secure software development processes share these attributes, too.

How You Start Determines How You Finish

First, some context. The last decade has been transformative for open source software. Up to 90% of all software is composed of open source components. Introducing code you didn't write into your supply chain provides great value. It also demands vigilant risk management.

While software developers strive to use trusted components, the software industry, unlike industries such as automobile or food manufacturing, lacks a common framework for delivering safe, quality goods.

Therefore, it is up to development teams to develop a framework. It must maintain an up-to-date inventory so problems are quickly remediated. It must be flexible enough to scale, too.
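The inventory requirement above is easiest to see in code. The following is an added illustration, not Sonatype's tooling or anything from the talk: it keeps a small component inventory (the kind of list a build's SBOM produces), checks each entry against a constructed advisory feed with affected version ranges, and separately flags components that lag behind a known latest release. Component names, versions, advisory ids and the `LATEST` map are all constructed placeholders.

```python
"""Component inventory check (added example, hypothetical data throughout).

Two questions a managed inventory should answer quickly:
  1. Which components fall inside a known-affected version range?
  2. Which components are behind their latest known release (stale)?
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]


@dataclass(frozen=True)
class Component:
    group: str
    name: str
    version: str


# Constructed inventory, as a build's SBOM would list it (hypothetical names).
INVENTORY: List[Component] = [
    Component("org.example", "parser-lib", "1.4.2"),
    Component("org.example", "http-client", "2.0.0"),
    Component("org.example", "json-utils", "3.1.7"),
]

# Constructed advisory feed: (group, name) -> [(first affected, first fixed, id)].
# The range is half-open: first_affected <= version < first_fixed.
ADVISORIES: Dict[Tuple[str, str], List[Tuple[Version, Version, str]]] = {
    ("org.example", "parser-lib"): [((1, 0, 0), (1, 5, 0), "ADV-PLACEHOLDER-001")],
    ("org.example", "json-utils"): [((2, 0, 0), (3, 0, 0), "ADV-PLACEHOLDER-002")],
}

# Constructed "latest known release" map used for the staleness check.
LATEST: Dict[Tuple[str, str], str] = {
    ("org.example", "parser-lib"): "1.5.1",
    ("org.example", "http-client"): "2.0.0",
    ("org.example", "json-utils"): "3.2.0",
}


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR.PATCH[-qualifier]' into a comparable 3-tuple.

    A trailing qualifier such as '-beta' is dropped; missing parts are zero.
    """
    core = text.split("-", 1)[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return parts[0], parts[1], parts[2]


def is_affected(version: Version, first_affected: Version, first_fixed: Version) -> bool:
    """True when version lies in the half-open affected range."""
    return first_affected <= version < first_fixed


def find_vulnerable(inventory, advisories) -> List[Tuple[Component, str]]:
    """Return (component, advisory id) pairs for every matching advisory."""
    hits = []
    for comp in inventory:
        ver = parse_version(comp.version)
        for lo, hi, advisory_id in advisories.get((comp.group, comp.name), []):
            if is_affected(ver, lo, hi):
                hits.append((comp, advisory_id))
    return hits


def stale_components(inventory, latest) -> List[Tuple[Component, str]]:
    """Return (component, latest version) for components behind the latest release."""
    stale = []
    for comp in inventory:
        newest = latest.get((comp.group, comp.name))
        if newest is not None and parse_version(comp.version) < parse_version(newest):
            stale.append((comp, newest))
    return stale


if __name__ == "__main__":
    for comp, advisory_id in find_vulnerable(INVENTORY, ADVISORIES):
        print(f"VULNERABLE {comp.group}:{comp.name}:{comp.version} -> {advisory_id}")
    for comp, newest in stale_components(INVENTORY, LATEST):
        print(f"STALE      {comp.group}:{comp.name}:{comp.version} (latest {newest})")
```

Both checks are deliberately separate: a stale component is not necessarily vulnerable, and a component inside an affected range needs action regardless of whether a newer release exists. In a real pipeline the advisory feed and the latest-release map would be refreshed on every build, which is what keeps the inventory "up to date" rather than a one-time snapshot.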

A Multi-Dimensional Approach Builds the Most Resilient Model

Santi identifies three important, interdependent parts of a secure software manufacturing process:

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Katie McCaskey. Read the original post at: https://blog.sonatype.com/achieving-a-managed-state-model-for-your-software-supply-chain