Webinar: "The software supply chain under X-ray"

Emerasoft srl: Mission, Vision, Market & Solutions (Monica Burzio, Federico Pagnozzi, Ugo Ciracì)

Transcript of the webinar "The software supply chain under X-ray"


Founded: 2005
Where we are: via Po, 1 – Torino; via del Poggio Laurentino, 118 – Roma
"Our commitment is the constant search for the best solution for the customer, guaranteeing excellence in the quality of the services and products we offer. Our promise is to carry out our work with constancy and passion."

• DevOps • IoT • Testing • ALM • SOA • Business Intelligence • Security • Compliance Management • University • ALM+PLM • traceability • standard compliance • BRMS • BI • User Experience • SS4B • Enterprise Mobility • agile • IoD • BPM • Open Source • API Usability

Agenda of the webinar "The software supply chain under X-ray: data, principles and best practices to accelerate innovation"

• The use and state of software components
• The principles of the software supply chain
• Technical insights
• Q&A


The software supply chain under X-ray: data, principles and best practices to accelerate innovation

MAKING INVISIBLE THINGS VISIBLE

16,766,704

"Open source underpins all of our mission critical applications. Therefore, we must ensure that we are using the highest quality components at every stage of the development cycle."

Don Duet, Co-head of Technology, Goldman Sachs

SOFTWARE IS MANUFACTURED FROM PARTS

MASSIVE GAINS IN PRODUCTIVITY

3,000 organizations

25,000 applications

Say Hello to Your Software Supply Chain…

THE BEST ARE BORROWING FROM DEMING

FEASTING ON A MASSIVE SUPPLY

• 1,000 new projects per day
• 10,000 new versions per day
• 14x releases per year

NOT ALL PARTS ARE CREATED EQUAL

INNOVATION WAVE IN YOUR SOFTWARE FACTORY

Analysis of 3,000 organizations:
• 229,898 downloads (orders)
• 5,275 components, all versions (parts)
• 2,071 components (suppliers)
• 17,206 of the 229,898 downloads (7.48%) had known security vulnerabilities

Warehouses, manufacturers, finished goods:
• 6.1% of component downloads are vulnerable
• 5.6% of components in repository managers are vulnerable
• 6.8% of components in applications are vulnerable

NEWER COMPONENTS MAKE BETTER SOFTWARE

Analysis of components in 25,000 application scans

[Chart: components by year vs. defect density; x-axis: component age in years (1 to 11); y-axis: 5% to 25%]

3X HIGHER DEFECT DENSITY

OLDER COMPONENTS DIE OFF

Analysis of components in 25,000 application scans

[Chart: inactive projects (% on latest version) by component age in years (1 to 11); y-axis: 5% to 25%]

PRACTICES ARE GAINING TRACTION

TECHNICAL INSIGHTS

Nexus Firewall: Protecting from external vulnerabilities
• Check the status of your code
• Detect and apply known safe fixes on your components
• Monitor vulnerability and exposure of your repositories

books.sonatype.com

Application security: Set your own security level
• Take control of your organization: Applications, Policies
• Secure licenses: Age, License, Actions
• Analytics: Vulnerabilities, Licenses, Custom policies

Nexus Procurement Suite: Enforce repositories
• Procured Release: open to developers, controlled staging
• Procured Development: filtered repositories for developers

books.sonatype.com

Nexus Lifecycle: Manage your deployment workflow

books.sonatype.com

Nexus High Availability: Up & running

books.sonatype.com

$7.42M estimated cost to remediate 10% of defects across 2000 applications.

www.sonatype.com/calculator

DOWNLOAD THE FULL ANALYSIS REPORT

www.emerasoft.com/2016-software-supply-chain-report/

CREATE A SOFTWARE BILL OF MATERIALS

bit.ly/softwareBOM @sonatype

Content available on:
• Emerasoft SlideShare channel
• Emerasoft YouTube channel
• Visit our website: emerasoft.com

WHAT'S NEXT

Contact us: sales@emerasoft.com
Email: federico.pagnozzi@emerasoft.com
Q&A?


Follow our channels …

www.emerasoft.com [email protected]

Emerasoft Srl
via Po, 1 – 10124 Torino, T +39 011 0120370, F +39 011 3710371
via del Poggio Laurentino, 118 – 00144 Roma, T +39 06 87811323

Thank you…

Contacts