Tag: open source governance
Are Developers Responsible for Open Source Governance?
Alex Rybak | | compliance, open source, open source governance, SBoM, shift left, software developmentThere are lots of factors in the open source software world converging to make it a big year for “shift left” in software development. Heightened security concerns, an increasing need for software ...
The 2016 State of Software Supply Chain Report is Here
Derek E. Weeks | | application security, continuous delivery, devops, open source governance, Repository Manager, rugged devops, Software Supply Chains, sonatypeOur State of the Software Supply Chain Report has just been released. Over the past year, we’ve amassed a great deal of data with respect to the staggering volume and variety of ...
Open Source software license and security management with WhiteSource
With the growing speed and availability of open source components, it becomes easy to add features and integration of software with other components which makes software development easier. But there are a ...
The Software BOM Squad
Derek E. Weeks | | application security, continuous delivery, devops, open source, open source governance, rugged devops, software bill of materials, Software Supply ChainIn my previous post, "When Good Code Goes Bad", I shared new research showing the average large development organization consumes over 15,000 known vulnerable and defective components annually. While we can't stop ...
When Good Code Goes Bad
Derek E. Weeks | | application security, continuous delivery, devops, open source governance, software bill of materials, Software Supply ChainMilk spoils. Iron rusts. And in software, good code goes bad. Yet the difference is, with the first two, you know the change has occurred. With software, those changes are not always ...
