Dev Interrupted It’s Not Open Source, It’s You. Where Open Source Risk Comes From w/ Sonatype
Picture this: an auto manufacturer with no clue what parts are in its supply chain, where those parts come from and no ability to recall those parts if vulnerabilities are discovered.
That’s not a reality consumers would accept. So why do organizations (and manufacturers!) tolerate it when it comes to software?
On this week’s episode of Dev Interrupted, Brian Fox, co-founder & CTO, and Stephen Magill, VP of Product Innovation, join us to talk about Sonatype’s State of the Software Supply Chain Report.
Listen as Brian and Stephen explain the ins and outs of open source risk management, how companies that aren’t open source maintainers can do a better job protecting themselves and why cybercrime is like “VC funds for the bad guys.”
Show Notes
8th Annual State of the Software Supply Chain Report
OFFERS
- Start Free Trial: Get started with LinearB's AI productivity platform for free.
- Book a Demo: Learn how you can ship faster, improve DevEx, and lead with confidence in the AI era.
LEARN ABOUT LINEARB
- AI Code Reviews: Automate reviews to catch bugs, security risks, and performance issues before they hit production.
- AI & Productivity Insights: Go beyond DORA with AI-powered recommendations and dashboards to measure and improve performance.
- AI-Powered Workflow Automations: Use AI-generated PR descriptions, smart routing, and other automations to reduce developer toil.
- MCP Server: Interact with your engineering data using natural language to build custom reports and get answers on the fly.