As the infamous SolarWinds attack showed, it’s no longer sufficient to just write secure code, you need to ensure that you understand the security risks throughout your entire software supply chain: whether that’s compilers, containers or the tools used to manage deployment pipelines. 

Securing the software supply chain

The Thoughtworks podcast plunges deep into the latest tech topics that have captured our imagination. Join our panel of senior technologists to explore the most important trends in tech today, get frontline insights into our work developing cutting-edge tech and hear more about how today’s tech megatrends will impact you.

Technology

Tech News

Podcasting

Gadgets

Software How-To

Business

Investing

Careers

Management & Marketing

Business News

Shopping

One of the fundamentals of security is self-awareness: knowing where you may be vulnerable, the practices and processes that aren't yet quite in place and what actions you need to prioritize are essential if your organization is to excel at security. But how can that be done? In complex and distributed teams, surfacing such knowledge can be incredibly difficult. One solution, though, is something called a security maturity model. In this episode of the Thoughtworks Technology Podcast, Thoughtworks alumnus Diana Adorno and current Thoughtworkers Lisa Junger and Robin Doherty speak to host Alexey Boas about a security maturity model they've developed that was recognized by the prestigious CSO50 Awards. They explain the purpose of developing and using one, how theirs works and why it should matter to any organization that wants to get serious about the way it does security.

How to assess your organization's security maturity

Despite occasional confusion, the difference between continuous delivery and continuous deployment is simple: should deploying to production be on demand or every good build? Answering which approach is 'best' is difficult; any attempt at dogmatism is likely to just look foolish, given it is, like many other debates in software development, context-dependent. But that doesn't mean we shouldn't try and unpick the issues at the heart of the discussion. It's all well and good saying the debate is context-dependent, but what does that actually mean in practice? In this episode of the Technology Podcast, Ken Mugrage and Valentina Servile debate the merits of both continuous delivery and continuous deployment. Talking with hosts Prem Chandrasekaran and Birgitta Böckeler, they offer their perspectives on when and where both should be used — in making the case for their chosen approaches, they shed some much needed light on a discussion that every software engineering team should have.   Learn more about Valentina Servile's book Continuous Deployment: https://www.thoughtworks.com/insights/books/continuous-deployment

Continuous delivery vs. continuous deployment: What should be the default?

Volume 30 of the Thoughtworks Technology Radar was published in April 2024. Alongside 105 blips, the edition also featured four themes selected by the team of technologists that puts the Radar together. They were: open-ish source licenses, AI-assisted software development teams, emerging architecture patterns for LLMs and dragging pull requests closer to continuous integration. Each one cuts across the technologies and techniques included on the Radar and highlights a key issue or challenge for software developers — and other technologists — working today. In this episode of the Technology Podcast, Birgitta Böckeler and Erik Dörnenberg join Neal Ford and Ken Mugrage to discuss the themes for Technology Radar Vol.30. They explain what they mean, why they were picked and what their implications are for the wider industry.   Explore volume 30 of the Technology Radar: https://www.thoughtworks.com/radar

Themes from Technology Radar Vol.30

Bringing machine learning models into production is challenging. This is why, as demand for machine learning capabilities in products and services increases, new kinds of teams and new ways of working are emerging to bridge the gap between data science and software engineering. Effective Machine Learning Teams — written by Thoughtworkers David Tan, Ada Leung and Dave Colls — was created to help practitioners get to grips with these challenges and master everything needed to deliver exceptional machine learning-backed products. In this episode of the Technology Podcast, the authors join Scott Shaw and Ken Mugrage to discuss their book. They explain how it addresses current issues in the field, taking in everything from the technical challenges of testing and deployment to the cultural work of building teams that span different disciplines and areas of expertise.   Learn more about Effective Machine Learning Teams:  https://www.thoughtworks.com/insights/books/effective-machine-learning-teams Read a Q&A; with the authors:  https://www.thoughtworks.com/insights/blog/machine-learning-and-ai/author-q-and-a-effective-machine-learning-teams  

Building at the intersection of machine learning and software engineering

Can AI improve the quality of our code? A recent white paper published by code analysis company  CodeScene — "Refactoring vs. Refuctoring: Advancing the state of AI-automated code improvements" — highlighted some significant challenges: in tests, AI solutions only delivered functionally correct refactorings 37% of the time. However, there are nevertheless opportunities. The white paper suggests it might be possible to dramatically boost the success rate of AI refactoring to 90%. In this episode of the Technology Podcast, Adam Tornhill, CTO and Founder of CodeScene, joins Thoughtworks' Rebecca Parsons (CTO Emerita), Birgitta Böckeler (Global Lead for AI-assisted software delivery) and Martin Fowler (Chief Scientist and author of the influential Refactoring book) to discuss all things AI and code. From refactoring and code quality to the benefits and limitations of coding assistants, this is an essential conversation for anyone that wants to understand how AI is going to shape the way we build software.   Read CodeScene's Refactoring vs. Refuctoring white paper, which explores AI's role in improving code:   https://codescene.com/hubfs/whitepapers/Refactoring-vs-Refuctoring-Advancing-the-state-of-AI-automated-code-improvements.pdf Read CodeScene's Code Red white paper to learn how code quality impacts time-to-market and product experience:  https://codescene.com/hubfs/web_docs/Business-impact-of-code-quality.pdf CodeScene's new automated refactoring tool is now in beta. Learn more:   https://codescene.com/campaigns/ai Listen to our podcast discussion about AI-assisted coding from November 2023:  https://www.thoughtworks.com/insights/podcasts/technology-podcasts/ai-assisted-coding-experiences-perspectives

Securing the software supply chain

Download our free app to listen on your phone