You are here
Continuous Acceleration: Why Continuous Everything Needs a Supply Chain Approach
Joshua Corman, CTO, Sonatype
With continuous development, we write less code and consume more re-usable open source code. Innovation is accelerated and so is application complexity. Complexity is the enemy of quality. Poor quality creates unplanned/unscheduled work. Re-work creates a drag on development speed. It’s a continuous loop. While Agile and DevOps have made us faster and more efficient, they can only take us so far... and worse, the year of OpenSource attacks we've just had commands better practices.
What if we could deliver applications on-time (even faster), on-budget (even more efficiently) and with a natural byproduct of more acceptable quality and risk?
The good news: other industries have figured this out with supply chain management. Applying supply chain approaches to software raises the bar on continuous goals.
A few of the patterns we can take from the rigor of things like the Toyota Supply Chain:
- Scrutinize the number and quality of your “suppliers”
- Manage out avoidable risk, complexity, and code bloat
- Improve traceability and visibility
- Ensure prompt agile responses when things go wrong
Pending legislation with the Cyber Supply Chain Transparency Act makes this a particularly important topic for Federal Agencies and the ISVs and SIs who provide software to them. This session will also provide background on this act and provide practical guidance on how respond to and benefit from it.
Joshua Corman is a Founder of I am The Cavalry (dot org) and the CTO for Sonatype. Corman has served key research and strategy roles at Akamai Technologies, The 451 Group, and IBM Internet Security Systems. He co-founded @RuggedSoftware and @IamTheCavalry to encourage new security approaches in response to the world’s increasing dependence on digital infrastructure. Josh's unique approach to security in the context of human factors, adversary motivations and social impact has helped position him as one of the most trusted names in security. He is an adjunct faculty for Carnegie Mellon’s Heinz College and Advisor to DHS S&T. Josh received his bachelor's degree in philosophy, graduating summa cum laude, from the University of New Hampshire.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.