©2021 Revenera | Company Confidential
OPEN SOURCE GOVERNANCE
TOP TEN TRENDS AND PREDICTIONS FOR 2021
TODAY’S SPEAKERS
RUSS ELING
Founder at OSS Engineering Consultants
russ@ossengineeringconsultants.com
ALEX RYBAK
Director, Product Management at Revenera
arybak@revenera.com
“SCA efforts must accelerate their shift toward the development phase. Savvy firms that use SCA early in the SDLC
ensure that open source vulnerabilities and licensing issues don’t cascade throughout the application.”
– Forrester, The State of Application Security, 2020
1 THE SHIFT-LEFT MOVEMENT
“DevOps tasks such as open-source license compliance, security management and functionally safe certification are
driving the demand for greater software transparency across the supply chain. Simply put—manufacturers cannot
succeed at these tasks without clear insight into the third-party and open-source software components that comprises
their products. This requires a continuous analysis of software commits throughout the development lifecycle.”
– Mark Gisi, Director of IP & Open Source Program Office, Wind River
2 SOFTWARE SUPPLY CHAIN MATURITY
“Top 40 U.S. and top 5 international computer science programs do not include open source licensing and secure coding in curriculum.”
– Based on Forrester Research
3 OSS AND SECURITY TRAINING
Chart: average OSS components per audit, by year (2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020)
Average OSS discovered by Revenera’s audit teams: 221, 236, 252, 454, 560, 590, 626, 670, 3,630
Average OSS disclosed by customers: 25, 25, 29, 8, 27, 17, 29, 19, N/A
Source: Revenera Professional Services Audit Data 2012 – 2020 (Sampled)
122% increase over 2 years: Package managers gain adoption in build environments for managing dependencies
442% increase YOY: Popular ecosystems including PyPI, NPM, RubyGems, and many others are bringing in many more dependencies
4 BOM CONTINUES TO GROW
[Diagram stages: Review, Remediate (optional), Monitor, Refine (optional), Create]
Software producers, maintainers, and security
professionals alike must understand that merely viewing
the use of a Software Bill of Materials as a vehicle for
security and compliance is no longer enough. Safety,
security, export controls, a secure chain of custody, and
even regulation will drive customers to demand this as a
requirement in software agreements. Disclosing a
Software Bill of Materials will soon become a general part
of doing business in the world of selling secure software.
– Christine Gadsby, Vice President of Product Security, BlackBerry
5 IMPORTANCE OF THE BILL OF MATERIALS
In just 10 years, GitHub has transformed how
people code. GitHub hasn’t just made coding
easier—it has changed the way software
developers think about programming.
▪ 60M new repositories in 2020
▪ 1.9B contributions
6 MATURITY AND CONSOLIDATION OF OSS MARKETPLACES
61% of US dealmakers expect M&A activity to return
to pre–COVID-19 levels within the next 12 months.
- Deloitte’s Future of M&A Trends Survey
7 M&A IS PICKING UP AGAIN
“By 2023, 70% of organizations will use value stream management to improve flow in the DevOps pipeline, leading to faster delivery of customer value.”
– Gartner, The Future of DevOps Toolchains Will Involve Maximizing Flow in IT Value Streams
8 ANALYSIS TIMELINES ARE GETTING COMPRESSED
FALSE-POSITIVES RATE
DATA CURRENCY
9 KEY MARKET CHALLENGES FOR CONTENT
ENTERPRISE SCALING
DEPLOYMENT MODELS
10 KEY MARKET CHALLENGES FOR DEPLOYMENT
KEY TAKEAWAYS
1. Adoption of Shift-Left
2. Software Supply Chain Maturity
3. OSS and Security Training
4. BOM Continues to Grow Due to Dependencies
5. Emphasis on the Importance of the Bill of Materials
6. Maturity and Consolidation of OSS Marketplaces
7. Pace of M&A is Increasing
8. Analysis Timelines are Getting Compressed
9. Key market challenge: False Positives and Data Currency
10. Key market challenge: Enterprise Scaling and Deployment Models
Q & A
THANK YOU!
Alex Rybak
arybak@revenera.com
Russ Eling
russ@ossengineeringconsultants.com
revenera.com
ossengineeringconsultants.com

UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 

Dernier (20)

201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 

2021 Open Source Governance: Top Ten Trends and Predictions

  • 1. ©2021 Revenera | Company Confidential OPEN SOURCE GOVERNANCE TOP TEN TRENDS AND PREDICTIONS FOR 2021
  • 2. TODAY’S SPEAKERS: RUSS ELING, Founder at OSS Engineering Consultants, russ@ossengineeringconsultants.com; ALEX RYBAK, Director, Product Management at Revenera, arybak@revenera.com
  • 3. Trend 1: THE SHIFT-LEFT MOVEMENT. “SCA efforts must accelerate their shift toward the development phase. Savvy firms that use SCA early in the SDLC ensure that open source vulnerabilities and licensing issues don’t cascade throughout the application.” – Forrester, The State of Application Security, 2020
  • 4. Trend 2: SOFTWARE SUPPLY CHAIN MATURITY. “DevOps tasks such as open-source license compliance, security management and functionally safe certification are driving the demand for greater software transparency across the supply chain. Simply put—manufacturers cannot succeed at these tasks without clear insight into the third-party and open-source software components that comprise their products. This requires a continuous analysis of software commits throughout the development lifecycle.” – Mark Gisi, Director of IP & Open Source Program Office, Wind River
  • 5. Trend 3: OSS AND SECURITY TRAINING. “TOP 40 U.S. AND TOP 5 INTERNATIONAL COMPUTER SCIENCE PROGRAMS DO NOT INCLUDE OPEN SOURCE LICENSING AND SECURE CODING IN CURRICULUM.” Based on Forrester Research
  • 6. Trend 4: BOM CONTINUES TO GROW. Chart, 2012 to 2020 (2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020). Average OSS disclosed by customers: 25, 25, 29, 8, 27, 17, 29, 19, N/A. Average OSS discovered by Revenera’s audit teams: 221, 236, 252, 454, 560, 590, 626, 670, 3,630. Callouts: 122% increase over 2 years (package managers gain adoption in build environments for managing dependencies); 442% increase YOY (popular ecosystems including PyPI, NPM, RubyGems, and many others are bringing in many more dependencies). Source: Revenera Professional Services Audit Data 2012 – 2020 (Sampled)
  • 7. Trend 5: IMPORTANCE OF THE BILL OF MATERIALS. Diagram labels: REVIEW, REMEDIATE (optional), MONITOR, REFINE (optional), CREATE. “Software producers, maintainers, and security professionals alike must understand that merely viewing the use of a Software Bill of Materials as a vehicle for security and compliance is no longer enough. Safety, security, export controls, a secure chain of custody, and even regulation will drive customers to demand this as a requirement in software agreements. Disclosing a Software Bill of Materials will soon become a general part of doing business in the world of selling secure software.” – Christine Gadsby, Vice President of Product Security, BlackBerry
  • 8. Trend 6: MATURITY AND CONSOLIDATION OF OSS MARKETPLACES. In just 10 years, GitHub has transformed how people code. GitHub hasn’t just made coding easier—it has changed the way software developers think about programming. ▪ 60M new repositories in 2020 ▪ 1.9B contributions
  • 9. Trend 7: M&A IS PICKING UP AGAIN. 61% of US dealmakers expect M&A activity to return to pre–COVID-19 levels within the next 12 months. – Deloitte’s Future of M&A Trends Survey
  • 10. Trend 8: ANALYSIS TIMELINES ARE GETTING COMPRESSED. “BY 2023, 70% OF ORGANIZATIONS WILL USE VALUE STREAM MANAGEMENT TO IMPROVE FLOW IN THE DEVOPS PIPELINE, LEADING TO FASTER DELIVERY OF CUSTOMER VALUE.” – Gartner, The Future of DevOps Toolchains Will Involve Maximizing Flow in IT Value Streams
  • 11. Trend 9: KEY MARKET CHALLENGES FOR CONTENT. FALSE-POSITIVES RATE; DATA CURRENCY
  • 12. Trend 10: KEY MARKET CHALLENGES FOR DEPLOYMENT. ENTERPRISE SCALING; DEPLOYMENT MODELS
  • 13. KEY TAKEAWAYS
      1. Adoption of Shift-Left
      2. Software Supply Chain Maturity
      3. OSS and Security Training
      4. BOM Continues to Grow Due to Dependencies
      5. Emphasis on the Importance of the Bill of Materials
      6. Maturity and Consolidation of OSS Marketplaces
      7. Pace of M&A is Increasing
      8. Analysis Timelines are Getting Compressed
      9. Key market challenge: False Positives and Data Currency
      10. Key market challenge: Enterprise Scaling and Deployment Models
  • 14. Q & A
  • 15. THANK YOU! Alex Rybak, arybak@revenera.com; Russ Eling, russ@ossengineeringconsultants.com; revenera.com; ossengineeringconsultants.com