The Illusion of Control: The Intersection of Java and Application Security

Track: Security
Skill Level: Beginner
Room: Room A314
Time Slot: Tue 2/16, 2:30 PM
Tags: java, security
Abstract

Every organization has a software supply chain…they just don’t manage it like one (yet).

There is a massive volume of open source and proprietary components being consumed within your software supply chain at a very high velocity. Within it, a lot of inefficiencies are hidden from you and are silently sabotaging your efforts to accelerate development, improve efficiency and maintain quality. I will openly share insight about your use of Java that will change the way you think about everything, and put you leagues ahead of organizations who are still in the dark.

In June 2015, I authored the State of the Software Supply Chain Report, a quantitative analysis of 106,000 Java-centric development organizations that consumed 17 billion open source and proprietary software components from over 105,000 projects, all hosted on Maven Central. While the average organization consumed 240,000 components in 2014, the study revealed evidence of inefficient software sourcing practices, building in outdated components, and using software with known security vulnerabilities or potentially risky license types by mistake.

Attendees will also learn how technology, banking, and government organizations are applying proven supply chain principles from the manufacturing industry toward improving their Java-centric DevOps and Continuous Delivery practices. I will shed light on pending legislation in the U.S. Congress that may change the way all of us develop software in the future.

Derek Weeks

After flying to 40 countries and racing through a half-Ironman competition, Derek woke up one morning on the top of Kilimanjaro and saw the world in a new light. Soon after, Derek became a huge advocate of applying proven supply chain management principles to DevOps practices to improve efficiencies and sustain long-lasting competitive advantages. From 2015 to 2016, Derek led the largest and most comprehensive analysis of software supply chain practices to date across 3,000 development organizations.

As the VP and DevOps Advocate for Sonatype, Derek is passionate about changing the way people think about software supply chains and improving public safety through improved software integrity. Derek is also the founder and a core organizer of the All Day DevOps Conference.