Editor’s note: This is the final installment of a four-part series of conversations with Bryan Batty, Director of Product and Infrastructure Security at Bloomberg Industry Group. In Part Three, Bryan shared his thoughts on measuring success. In this section, Bryan discusses what brought him to Sonatype.
“If you are faced with an emergency where you have to upgrade, you don’t want to try to upgrade 15 years worth of versions. You should be right at the current version when building new applications or updating existing applications.” — Bryan Batty
Can I ask, what led you to work with Sonatype?
I was looking at Software Composition Analysis and I knew that we had a lot of third-party, open-source libraries that we were using in our applications. We had a tool that was at least able to count them, though the purpose of that tool was something else, but it counted the number of open-source libraries that we used.
In the few dozen applications that I was monitoring, there were something like 10,000 open source library versions that were being used. That was extremely scary to me. I mean that’s probably more like 90/10 than 80/20. I realized we needed to get a handle on it.
So I manually looked at a couple of components and saw that there were some versions that were like 15 years old, and just… “Oh, great.” If you are faced with an emergency where you have to upgrade, you don’t want to try to upgrade 15 years worth of versions. You should be right at the current version when building new applications or updating existing applications.
Manually, we weren’t going to do 15 years worth of updates.
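The inventory problem Bryan describes (many applications, many copies of the same library at many versions) can be reproduced on a small scale without an SCA product. The script below is an added example, not Bryan's tooling or anything from Sonatype: it parses constructed `mvn dependency:list`-style lines (the real `group:artifact:type:version:scope` shape) for three hypothetical applications, counts the distinct component versions in use, and ranks each library by how many versions of it are deployed, with the oldest and newest side by side. The application names and dependency lists are made up for illustration.

```python
import re
from collections import defaultdict

# Constructed sample input: `mvn dependency:list`-style lines
# (group:artifact:type:version:scope) for three hypothetical applications.
SAMPLE_INVENTORIES = {
    "billing-api": """
        org.apache.commons:commons-lang3:jar:3.12.0:compile
        com.fasterxml.jackson.core:jackson-databind:jar:2.13.3:compile
        com.google.guava:guava:jar:31.1-jre:compile
    """,
    "legacy-portal": """
        commons-lang:commons-lang:jar:2.1:compile
        com.fasterxml.jackson.core:jackson-databind:jar:2.6.0:compile
        com.google.guava:guava:jar:18.0:compile
    """,
    "reports": """
        org.apache.commons:commons-lang3:jar:3.4:compile
        com.fasterxml.jackson.core:jackson-databind:jar:2.9.8:compile
        com.google.guava:guava:jar:31.1-jre:compile
    """,
}

# group:artifact:type:version[:scope]; none of the fields contain ':' or whitespace.
LINE_RE = re.compile(r"^([^:\s]+):([^:\s]+):([^:\s]+):([^:\s]+)(?::([^:\s]+))?$")


def parse_inventory(text):
    """Return a list of (group, artifact, version) from dependency-list lines.

    Lines that do not match the coordinate shape (blank lines, Maven chatter
    such as 'The following files have been resolved:') are skipped rather
    than being counted as components.
    """
    found = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        group, artifact, _type, version, _scope = m.groups()
        found.append((group, artifact, version))
    return found


def version_key(version):
    """Sort key that orders 2.9.8 before 2.13.3 (numeric, not lexical).

    Numeric segments compare as integers; a non-numeric qualifier such as
    'jre' in '31.1-jre' sorts after any numeric segment at that position.
    """
    key = []
    for part in re.split(r"[.\-]", version):
        if part.isdigit():
            key.append((0, int(part), ""))
        else:
            key.append((1, 0, part))
    return tuple(key)


def build_inventory(inventories):
    """Map 'group:artifact' -> {version -> sorted list of apps using it}."""
    usage = defaultdict(lambda: defaultdict(set))
    for app, text in inventories.items():
        for group, artifact, version in parse_inventory(text):
            usage[f"{group}:{artifact}"][version].add(app)
    return {ga: {v: sorted(apps) for v, apps in vs.items()} for ga, vs in usage.items()}


def count_distinct_versions(inventories):
    """Number of distinct group:artifact:version triples across all apps."""
    return sum(len(vs) for vs in build_inventory(inventories).values())


def drift_report(inventories):
    """Rows of (ga, distinct_version_count, oldest, newest), widest spread first."""
    rows = []
    for ga, versions in build_inventory(inventories).items():
        ordered = sorted(versions, key=version_key)
        rows.append((ga, len(ordered), ordered[0], ordered[-1]))
    rows.sort(key=lambda r: (-r[1], r[0]))
    return rows


if __name__ == "__main__":
    print(f"distinct component versions: {count_distinct_versions(SAMPLE_INVENTORIES)}")
    for ga, n, oldest, newest in drift_report(SAMPLE_INVENTORIES):
        print(f"{ga}: {n} version(s) in use, oldest {oldest}, newest {newest}")
```

On real data, feed each application's `mvn dependency:list` output in as the text; the numeric version ordering matters because a lexical sort would put 2.13.3 before 2.6.0 and report the wrong "oldest" version. The spread column is the point: a library present at one version across the portfolio is one upgrade, while one present at a dozen versions is a dozen separate emergencies waiting for a disclosure.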
This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Katie McCaskey. Read the original post at: https://blog.sonatype.com/nexus-innovator-bryan-batty-of-bloomberg-industry-group-part-4