Sign up to save your podcasts
Or
Share It’s Not Open Source, It’s You. Where Open Source Risk Comes From w/ Sonatype
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
It’s Not Open Source, It’s You. Where Open Source Risk Comes From w/ Sonatype
Picture this: an auto manufacturer with no clue what parts are in its supply chain, where those parts come from and no ability to recall those parts if vulnerabilities are discovered.
That’s not a reality consumers would accept. So why do organizations (and manufacturers!) tolerate it when it comes to software?
On this week’s episode of Dev Interrupted, Brian Fox, co-founder & CTO, and Stephen Magill, VP of Product Innovation, join us to talk about Sonatype’s State of the Software Supply Chain Report.
Listen as Brian and Stephen explain the ins and outs of open source risk management, how companies that aren’t open source maintainers can do a better job protecting themselves and why cybercrime is like “VC funds for the bad guys.”
Show Notes
8th Annual State of the Software Supply Chain Report
Support the show:
- Subscribe to our Substack
- Leave us a review
- Subscribe on YouTube
- Follow us on Twitter or LinkedIn
Offers:
- Learn about Continuous Merge with gitStream
- Get your DORA Metrics free forever
View all episodes
By LinearB
4.8
145145 ratings
Picture this: an auto manufacturer with no clue what parts are in its supply chain, where those parts come from and no ability to recall those parts if vulnerabilities are discovered.
That’s not a reality consumers would accept. So why do organizations (and manufacturers!) tolerate it when it comes to software?
On this week’s episode of Dev Interrupted, Brian Fox, co-founder & CTO, and Stephen Magill, VP of Product Innovation, join us to talk about Sonatype’s State of the Software Supply Chain Report.
Listen as Brian and Stephen explain the ins and outs of open source risk management, how companies that aren’t open source maintainers can do a better job protecting themselves and why cybercrime is like “VC funds for the bad guys.”
Show Notes
8th Annual State of the Software Supply Chain Report
Support the show:
- Subscribe to our Substack
- Leave us a review
- Subscribe on YouTube
- Follow us on Twitter or LinkedIn
Offers:
- Learn about Continuous Merge with gitStream
- Get your DORA Metrics free forever
More shows like Dev Interrupted
View all
Software Engineering Radio
272 Listeners
The Changelog: Software Development, Open Source
291 Listeners
Software Engineering Daily
625 Listeners
The Cloudcast
155 Listeners
Soft Skills Engineering
284 Listeners
Thoughtworks Technology Podcast
42 Listeners
Y Combinator Startup Podcast
232 Listeners
Syntax - Tasty Web Development Treats
986 Listeners
REWORK
210 Listeners
CoRecursive: Coding Stories
188 Listeners
Practical AI
213 Listeners
The Stack Overflow Podcast
62 Listeners
Lenny's Podcast: Product | Career | Growth
1,363 Listeners
Latent Space: The AI Engineer Podcast
96 Listeners
The Pragmatic Engineer
64 Listeners