Chief Product Development Officer Mitchell Johnson discusses how Sonatype protects enterprise developers from malicious open source components while keeping them productive through AI.
Topics Include:
- Sonatype provides software supply chain solutions for enterprises using open source components
- They serve large enterprises, government agencies, and critical infrastructure providers globally
- Main challenge: keeping developers productive while maintaining secure software supply chains
- Cybercrime and supply chain attacks are massive, growing industries threatening developers
- AI adoption is happening faster than expected, profoundly changing development workflows
- Bad actors evolved from waiting for vulnerabilities to creating malicious components
- Malicious open source components specifically target developer and DevOps toolchains
- Sonatype's security research team uses AI/ML to analyze every open source component
- They can predict and block malicious components before they enter customer environments
- AWS partnership helps Sonatype meet customers where they want to do business
- Partnership focuses on go-to-market alignment, not just technical integration
- AWS sales teams should be treated as extensions of your own sales organization
- Understanding AWS sales structure and incentives is crucial for successful partnerships
- AI development is following the same pattern as open source adoption twenty years ago
- "Shadow AI" parallels the earlier "shadow IT" trend with open source software
- AI speeds up code generation but security review processes haven't kept pace
- Developers need a "Hippocratic Oath" - taking responsibility for AI-generated code output
- Within 24 months, professionals not skilled in AI will struggle to stay relevant
- Sonatype's culture encourages curiosity, experimentation, and accepts failure as part of innovation
- Their core mission: help developers focus on innovation, not security chores
Participants:
- Mitchell Johnson – Chief Product Development Officer, Sonatype
Further Links:
- Sonatype Website
- Sonatype on AWS Marketplace
See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/