The biggest problem facing software organizations today is an inability to track, monitor, and improve their use of open source software. This isn't about security alone. From DevOps to DevSecOps, there are fundamental principles that the best development teams use to guide open source software consumption. Many of these best practices come from traditional manufacturing, and that is the focus of a new paper that Sonatype CTO Brian Fox and I spent most of the last year researching and developing in partnership with the Atlantic Council's Open Source Policy Network and Digital Forensic Research Lab (DFRLab). The paper, "Driving Software Recalls: Manufacturing Supply Chain Best Practices for Open Source Consumption," is available now. Feel free to jump over there, or continue reading to understand how this all came about.
*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Jeff Wayman. Read the original post at: https://blog.sonatype.com/how-manufacturing-best-practices-can-improve-open-source-consumption-and-software-supply-chains