5 Steps to Improve Your Software Supply Chain Security
May 9, 2016 | By Derek Weeks, Vice President and DevOps Advocate, Sonatype
Organizations that take control of their software supply chains will see tremendous gains in developer productivity, improved quality, and lower risk.
To improve management of component vulnerabilities, consider these five steps, which mimic a number of the supply chain management concepts originated by quality guru W. Edwards Deming to improve quality, accelerate feedback loops, and increase efficiencies of manufacturing operations. The same approaches are being adopted by organizations improving their own operations through the adoption of Continuous Delivery and DevOps processes:
1. Create a software bill of materials for one application: Visibility into one application can help you understand your current component usage. A number of free and paid services are available to help you create a software bill of materials within a few minutes. The bill of materials will help you identify the unique component parts used within your application and the suppliers who contributed them. These reports list all components used, and several services also identify component age, popularity, version numbers, licenses, and known vulnerabilities.
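As an added illustration of what a minimal bill of materials contains and how it is used, the script below builds a CycloneDX-style SBOM from a flat Maven dependency list and matches it against a local advisory feed. It is example code written for this page, not Sonatype's tooling; the dependency list and the advisories (fictional `org.example.*` components, placeholder advisory IDs, made-up version ranges) are constructed sample data. Only the CycloneDX field names and the Package URL (`pkg:maven/...`) format are real.

```python
"""Build a minimal CycloneDX-style software bill of materials (SBOM) from a
Maven-style dependency list and flag components that match a local advisory feed.

Added example. The dependency list and advisory feed are constructed sample data:
fictional components, placeholder advisory IDs, no real vulnerabilities.
"""
import json
from typing import Dict, List

# Constructed sample: the flat `group:artifact:packaging:version:scope` form that
# `mvn dependency:list` prints. All names are fictional.
SAMPLE_DEPENDENCY_LIST = """\
org.example.logging:example-logger:jar:1.2.3:compile
org.example.web:example-http:jar:4.0.1:compile
org.example.json:example-json:jar:2.9.8:compile
org.example.test:example-assert:jar:3.1.0:test
"""

# Constructed sample advisory feed. Each entry affects versions in
# [introduced, fixed). IDs are placeholders, not real CVE numbers.
SAMPLE_ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-001", "group": "org.example.json", "name": "example-json",
     "introduced": "2.0.0", "fixed": "2.9.9",
     "summary": "constructed sample: affected until 2.9.9"},
    {"id": "ADV-PLACEHOLDER-002", "group": "org.example.logging", "name": "example-logger",
     "introduced": "1.0.0", "fixed": "1.2.3",
     "summary": "constructed sample: already fixed in the version we use"},
]


def parse_version(v: str) -> tuple:
    """Turn '2.9.8' into (2, 9, 8) so versions compare numerically, not as strings
    (a string compare would wrongly rank '1.10.0' below '1.9.9')."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))


def parse_dependency_list(text: str) -> List[Dict[str, str]]:
    """Split each `group:artifact:packaging:version:scope` line into a record."""
    components = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        group, name, packaging, version, scope = line.split(":")
        components.append({"group": group, "name": name, "version": version,
                           "packaging": packaging, "scope": scope})
    return components


def build_sbom(components: List[Dict[str, str]]) -> dict:
    """Emit the subset of CycloneDX JSON that identifies each part and its supplier
    (the Maven group). The purl is what SBOM tools match advisories against."""
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "version": 1,
        "components": [
            {"type": "library",
             "group": c["group"],
             "name": c["name"],
             "version": c["version"],
             "purl": f"pkg:maven/{c['group']}/{c['name']}@{c['version']}",
             # Test-only dependencies do not ship, so mark them excluded.
             "scope": "excluded" if c["scope"] == "test" else "required"}
            for c in components
        ],
    }


def find_affected(sbom: dict, advisories: List[dict]) -> List[dict]:
    """Return one finding per (component, advisory) pair whose version falls in
    the advisory's affected range."""
    findings = []
    for comp in sbom["components"]:
        v = parse_version(comp["version"])
        for adv in advisories:
            if adv["group"] != comp["group"] or adv["name"] != comp["name"]:
                continue
            if parse_version(adv["introduced"]) <= v < parse_version(adv["fixed"]):
                findings.append({"purl": comp["purl"], "advisory": adv["id"],
                                 "fixed": adv["fixed"]})
    return findings


if __name__ == "__main__":
    sbom = build_sbom(parse_dependency_list(SAMPLE_DEPENDENCY_LIST))
    print(json.dumps(sbom, indent=2))
    for f in find_affected(sbom, SAMPLE_ADVISORIES):
        print(f"AFFECTED {f['purl']} by {f['advisory']} (fixed in {f['fixed']})")
```

Run against the constructed data, only `example-json` 2.9.8 is reported; `example-logger` 1.2.3 sits exactly at the fixed boundary and is correctly left out. Replacing the two sample constants with a real `mvn dependency:list` dump and a real advisory feed is all that separates this from a usable first pass at step 1.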
For more tips and my complete story, please continue to Dark Reading
In early 2015, Derek Weeks led the largest and most comprehensive analysis of software supply chain practices to date across 106,000 development organizations. As a 20+ year veteran of the software industry, he has advised many leading businesses on IT performance improvement practices. Derek currently serves as vice president and DevOps advocate at Sonatype. Derek shares insights regularly across the socialsphere on Twitter, LinkedIn and online communities.