It’s Not Open Source, It’s You. Where Open Source Risk Comes From

This content originally appeared on DEV Community 👩‍💻👨‍💻 and was authored by Conor Bronsdon

Picture this: an auto manufacturer with no clue what parts are in its supply chain, where those parts come from and no ability to recall those parts if vulnerabilities are discovered.

That’s not a reality consumers would accept. So why do organizations (and manufacturers!) tolerate it when it comes to software?

On this week’s episode of Dev Interrupted, Brian Fox, co-founder & CTO, and Stephen Magill, VP of Product Innovation, join us to talk about Sonatype’s State of the Software Supply Chain Report.

Listen as Brian and Stephen explain the ins and outs of open source risk management, how companies that aren’t open source maintainers can do a better job protecting themselves and why cybercrime is like “VC funds for the bad guys.”

Episode Highlights:

• (1:48) Brian's and Stephen's background
• (5:21) State of the Software Supply Chain Report
• (9:53) 4 practices of secure teams
• (12:43) What eng leaders need to know about their software supply chain
• (22:20) Cybercrime is like "VC funds invested into the bad guys"
• (28:38) Security issues gap between management and ICs

While you’re here, check out this video from our YouTube channel, and be sure to like and subscribe when you do!

Want to cut code-review time by up to 40%? Add estimated review time to pull requests automatically!

gitStream is the free dev tool from LinearB that eliminates the No. 1 bottleneck in your team’s workflow: pull requests and code reviews. After reviewing the work of 2,000 dev teams, LinearB’s engineers and data scientists found that pickup times and code review were lasting 4 to 5 days longer than they should be.

The good news is that they found these delays could be eliminated largely by adding estimated review time to pull requests!

Learn more about how gitStream is making coding better HERE.

This content originally appeared on DEV Community 👩‍💻👨‍💻 and was authored by Conor Bronsdon

Print Share Comment Cite Upload Translate Updates

APA

Conor Bronsdon | Sciencx (2022-12-15T22:03:46+00:00) It’s Not Open Source, It’s You. Where Open Source Risk Comes From. Retrieved from https://www.scien.cx/2022/12/15/its-not-open-source-its-you-where-open-source-risk-comes-from/

MLA

" » It’s Not Open Source, It’s You. Where Open Source Risk Comes From." Conor Bronsdon | Sciencx - Thursday December 15, 2022, https://www.scien.cx/2022/12/15/its-not-open-source-its-you-where-open-source-risk-comes-from/

HARVARD

Conor Bronsdon | Sciencx Thursday December 15, 2022 » It’s Not Open Source, It’s You. Where Open Source Risk Comes From., viewed ,<https://www.scien.cx/2022/12/15/its-not-open-source-its-you-where-open-source-risk-comes-from/>

VANCOUVER

Conor Bronsdon | Sciencx - » It’s Not Open Source, It’s You. Where Open Source Risk Comes From. [Internet]. [Accessed ]. Available from: https://www.scien.cx/2022/12/15/its-not-open-source-its-you-where-open-source-risk-comes-from/

CHICAGO

" » It’s Not Open Source, It’s You. Where Open Source Risk Comes From." Conor Bronsdon | Sciencx - Accessed . https://www.scien.cx/2022/12/15/its-not-open-source-its-you-where-open-source-risk-comes-from/

IEEE

" » It’s Not Open Source, It’s You. Where Open Source Risk Comes From." Conor Bronsdon | Sciencx [Online]. Available: https://www.scien.cx/2022/12/15/its-not-open-source-its-you-where-open-source-risk-comes-from/. [Accessed: ]

rf:citation

» It’s Not Open Source, It’s You. Where Open Source Risk Comes From | Conor Bronsdon | Sciencx | https://www.scien.cx/2022/12/15/its-not-open-source-its-you-where-open-source-risk-comes-from/ |

Please log in to upload a file.

There are no updates yet.
Click the Upload button above to add an update.

You must be logged in to translate posts. Please log in or register.