Software is Manufacturing
Wednesday, July 29th, 2020
Software is assembled rather than written. Developers usually select third-party open source software components that provide useful chunks of functionality, then write some code to glue everything together into a complete product. Each software component carries its own risk, which means that managing the supply chain of components is crucial to minimizing overall risk.
Software components carry three types of risk. Known vulnerabilities in software components can be directly absorbed into a software product. Component licenses can be incompatible with a product’s license model. Finally, components can present operational risks.
Left unchecked, software supply chain risks can result in consequences that range from irritating to catastrophic. All product development processes should include automated software supply chain management integrated into the development toolchain.
This webcast describes the current landscape of open source adoption and shows how managing the software supply chain results in products that are safer, more secure, and lower risk.