Making Developer’s Lives Easier as We Enter The New Frontier of Dependency Management

In recent years, we at Sonatype have dedicated an extensive amount of time to studying enterprise development teams, open source projects, and how everything in the OSS ecosystem works together. In a two-year study with Gene Kim and Stephen Magill, we examined software release patterns and cybersecurity hygiene practices across 30,000 different projects and teams.

Through this work, we have found three truths about software engineering teams and the 20 million software developers who work on them:

  • They seek faster innovation.
  • They seek improved security.
  • They utilize a massive volume of open-source libraries.

These truths can sometimes feel at odds with one another. Developers do not “own” the security of their own products. Instead, they are subject to security oversight and are relegated to reactive tools that report vulnerabilities and code issues only after development is done. While most developers have become more security-aware, it is difficult to act on that awareness when the current tools for managing open source dependencies are built with the security team, rather than the developer, in mind.

Changing Role of Developers 

I believe we are in the middle of an inflection point. The role of the software developer is changing again. Ready or not, developers now need to take responsibility for security and code quality as the definition of dependency management evolves. Managing all of these elements at once makes their role increasingly complex, so it is critical that they have tools that automate key processes, boosting productivity while improving software security and quality at the same time.

This is why I’m proud to introduce Sonatype’s newest enhancements for Nexus Lifecycle: the Advanced Development Pack. 

High-performing teams need solutions that make their development practices better. 67% of developers are regularly impacted when dependency upgrades break.

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Brian Fox.