"Everybody has a technology supply chain." Jason Green, Sonatype
In the studio today are Jason Green, VP Public Sector, and Derek Weeks, VP and DevOps Advocate, Sonatype. Their platform is used in over 150 federal agencies. We invited these subject matter experts into the studio to show us how Sonatype can reduce cost and increase cybersecurity for federal agencies. The bottom line: more secure code, less hassle.
Software development has changed drastically over the past decade. Let’s take a 22-year-old graduate with a degree in computer science. At one time, they would start off testing code, then start to write code line-by-line. Today, 80% of applications are developed using open source software. Instead of laboriously worrying over each caret and comma, code is grabbed and assembled. This can make for quick iterations and rapid project completion.
However, malicious actors keep up with new software developments as well. During the discussion, Jason mentions that some see open source code with a 12% vulnerability factor. Attackers play a two-step game: first, publish free open source code that an organization downloads; then, come back through a back door and inject malicious code into it.
Sonatype provides assurance that the code is clean. Their website claims to offer more secure code with less hassle by providing central repositories for code. Listening to this discussion only reinforces the difficulty of securing an enterprise-level system against attack.
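The two-step pattern described above (a component is downloaded once, then altered after the fact) is exactly what hash-pinned dependencies are meant to catch: if the artifact an organization later fetches no longer matches the digest recorded when it was first reviewed, the build should stop. The script below is an added illustration written for this page, not Sonatype's code or product. It parses pip's real `--hash=sha256:...` requirements syntax and checks a set of downloaded artifacts against those pins; the lockfile text, the artifact bytes, and the package names (`examplelib`, `otherlib`, `surprise`) are all constructed for the example.

```python
"""Verify downloaded dependency artifacts against pinned SHA-256 hashes.

Added example for this page; not Sonatype code. Uses pip's requirements
"--hash=sha256:<hex>" pin syntax. All package names and artifact bytes
below are constructed sample data, not real packages.
"""
import hashlib
import re
from dataclasses import dataclass

# 'name==version' followed by optional options such as --hash=...
_REQ_LINE = re.compile(r"^(?P<name>[A-Za-z0-9_.-]+)==(?P<version>\S+)(?P<rest>.*)$")
_HASH_OPT = re.compile(r"--hash=(?P<algo>[a-z0-9]+):(?P<digest>[0-9a-fA-F]+)")


@dataclass(frozen=True)
class Pin:
    name: str
    version: str
    digests: frozenset  # allowed sha256 hex digests, lowercase; empty = unpinned


def parse_requirements(text):
    """Parse 'name==version --hash=sha256:... [--hash=...]' lines into Pins.

    Lines with no hash are still returned (with an empty digest set) so the
    verifier can flag them as unpinned. Backslash continuations are joined
    first, as pip does, and '#' comments are stripped.
    """
    joined = text.replace("\\\n", " ")
    pins = {}
    for raw in joined.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _REQ_LINE.match(line)
        if not m:
            raise ValueError(f"unsupported requirement line: {raw!r}")
        digests = frozenset(
            h.group("digest").lower()
            for h in _HASH_OPT.finditer(m.group("rest"))
            if h.group("algo") == "sha256"
        )
        pins[m.group("name").lower()] = Pin(m.group("name"), m.group("version"), digests)
    return pins


def verify_artifacts(pins, artifacts):
    """Check each downloaded artifact ({name: bytes}) against the pins.

    Returns {name: status} where status is one of:
      'ok'            digest matches a pinned hash
      'hash-mismatch' artifact differs from what was pinned (tampered or replaced)
      'not-pinned'    package is listed but carries no hash, so nothing is verified
      'unexpected'    artifact is not in the lockfile at all
    """
    results = {}
    for name, data in artifacts.items():
        pin = pins.get(name.lower())
        if pin is None:
            results[name] = "unexpected"
            continue
        if not pin.digests:
            results[name] = "not-pinned"
            continue
        actual = hashlib.sha256(data).hexdigest()
        results[name] = "ok" if actual in pin.digests else "hash-mismatch"
    return results


# Constructed sample data: the bytes reviewed and pinned at first download...
GOOD_EXAMPLELIB = b"constructed: examplelib-1.0.0 wheel contents"
_GOOD_SHA = hashlib.sha256(GOOD_EXAMPLELIB).hexdigest()

SAMPLE_REQUIREMENTS = f"""
# constructed lockfile for the example
examplelib==1.0.0 --hash=sha256:{_GOOD_SHA}
otherlib==2.3.1
"""

# ...and what a later fetch returned (examplelib has been modified after publication).
SAMPLE_ARTIFACTS = {
    "examplelib": GOOD_EXAMPLELIB + b"\n# injected after publication",
    "otherlib": b"constructed: otherlib-2.3.1",
    "surprise": b"constructed: transitive dependency nobody pinned",
}


def run_sample():
    """Verify the constructed artifacts against the constructed lockfile."""
    return verify_artifacts(parse_requirements(SAMPLE_REQUIREMENTS), SAMPLE_ARTIFACTS)


if __name__ == "__main__":
    for pkg, status in run_sample().items():
        print(f"{pkg}: {status}")
```

In this sample the modified `examplelib` is reported as `hash-mismatch`, `otherlib` as `not-pinned` because the lockfile never recorded a digest for it, and `surprise` as `unexpected` because nothing in the lockfile accounts for it. Any status other than `ok` is a reason to fail the build and investigate before the component reaches production.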