Perception vs Reality: A Data-Driven Look at Open Source Risk Management

Presented by

Dr Stephen Magill | Vice President, Product Innovation at Sonatype

About this talk

In this session, we’ll present the findings of Sonatype’s 8th annual State of the Software Supply Chain Report. Over the past year, we empirically studied dependency update patterns for thousands of open source projects, analyzed hundreds of survey responses, and took a critical look at commonly held beliefs about managing security risk effectively. Our research uncovered a wide gap between perceived security and reality, a number of new trends in open source consumption, and surprising benefits to certain development team structures. Come see which practices are backed up by data and learn how to manage your open source software supply chain efficiently.

Sonatype is the software supply chain management company. We empower developers and security professionals with intelligent tools to innovate more securely at scale. Our platform addresses every element of an organization’s entire software development life cycle, including third-party open source code, first-party source code, infrastructure as code, and containerized code. Sonatype identifies critical security vulnerabilities and code quality issues and reports results directly to developers when they can most effectively fix them. This helps organizations develop consistently high-quality, secure software which fully meets their business needs and those of their end-customers and partners. More than 2,000 organizations, including 70% of the Fortune 100, and 15 million software developers already rely on our tools and guidance to help them deliver and maintain exceptional and secure software.