podcast • 1MIN READ
It’s Not Open Source, It’s You. Where Open Source Risk Comes From w/ Sonatype
Picture this: an auto manufacturer with no clue what parts are in its supply chain, where those parts come from and no ability to recall those parts if vulnerabilities are discovered.
That’s not a reality consumers would accept. So why do organizations (and manufacturers!) tolerate it when it comes to software?
On this week’s episode of Dev Interrupted, Brian Fox, co-founder & CTO, and Stephen Magill, VP of Product Innovation, join us to talk about Sonatype’s State of the Software Supply Chain Report.
Listen as Brian and Stephen explain the ins and outs of open source risk management, how companies that aren’t open source maintainers can do a better job protecting themselves and why cybercrime is like “VC funds for the bad guys.”
- (1:48) Brian's and Stephen's background
- (5:21) State of the Software Supply Chain Report
- (9:53) 4 practices of secure teams
- (12:43) What eng leaders need to know about their software supply chain
- (22:20) Cybercrime is like "VC funds invested into the bad guys"
- (28:38) Security issues gap between management and ICs
Want to cut code-review time by up to 40%? Add estimated review time to pull requests automatically!
gitStream is the free dev tool from LinearB that eliminates the No. 1 bottleneck in your team’s workflow: pull requests and code reviews. After reviewing the work of 2,000 dev teams, LinearB’s engineers and data scientists found that pickup times and code review were lasting 4 to 5 days longer than they should be.
The good news is that they found these delays could be eliminated largely by adding estimated review time to pull requests!
Learn more about how gitStream is making coding better HERE.