The "State of the Software Supply Chain Report" featured in today's show is an industry report produced by Sonatype. In the spirit of full disclosure, Mark Miller is the Senior Storyteller and DevOps Advocate for Sonatype. That said, no products are mentioned and nothing is being sold. Sonatype is the steward of the Central Repository (Maven Central) and therefore has access to an unusually large set of download data. The information in the report relates directly to A9 in the OWASP Top 10: Using Components with Known Vulnerabilities. The full report is available as a free download.

To describe the findings of the report and the discoveries made from analyzing the open-source download patterns of 3,000 companies, I spoke with Derek Weeks, VP and Rugged DevOps Advocate at Sonatype.