Sonatype CEO on The Future of the Software Supply Chain

As CEO of Sonatype for the past ten years, Wayne Jackson has a rich perspective on where software development is heading and where it intersects with security. As he noted in an interview with Sonatype's CMO Matt Howard during the company's 2020 Nexus User Conference, it has been fascinating to watch the industry grow and change, and to help Sonatype be part of what has shaped its future. Here are some of his thoughts on a variety of topics, such as Maven, the software supply chain, and speed and security no longer being at odds.

Software Everywhere

To Wayne, what is astonishing is how much software is being developed in every vertical. The saying is that software is "eating the world," but that statement does not fully capture the extent to which it has transformed everything we do. Software isn't eating the world; it is the world.

The notion of a trillion different requests for open source components is hard to grasp, especially when there does not seem to be a clear pattern to it. For example, an open source library discloses a bug or vulnerability, and yet the number of downloads for that library does not decrease. As Wayne notes, it is almost mind-boggling that people aren't paying closer attention to this.

Sonatype knows whether such disclosures affect usage statistics because the company can measure download requests in a way others can't. As the curator of Maven Central, the company has unique insight into what's happening around open source downloads and has been able to look at usage patterns for well over a decade. Since Maven Central is the de facto repository for open source Java libraries, this gives Sonatype an accurate measurement of who is using open source in the Java community.

State of the Software Supply Chain

