Managing Risk in Component Based Development

October 15, 2013

Usage of Java components to build applications has grown exponentially. Most applications are now composed primarily of components: 80–90% of a typical application consists of components.

Many of these components are open source components housed in the Central Repository, the de facto standard used by open source project teams to distribute their binaries. Recent research shows some interesting trends:
• 8 billion components were downloaded from Central in the last 12 months.
• 53% of survey respondents are standardizing on an open source development infrastructure stack.
• 76% of large organizations have no control over what components are being used in software development projects.

Although components help improve developer productivity so that applications can be delivered faster, if components are not managed effectively, security, licensing, and quality issues can put your organization at risk. Industry analysts and standards efforts recognize managing components as a key requirement for modern development efforts. Gartner addresses the need to manage components as part of an overall software supply chain approach:

“IT supply chain integrity issues are expanding from hardware into software and information. They are growing more complex as IT systems are assembled from a large number of geographically diverse providers, and, now of mainstream concern to enterprise IT.” – Ray Valdes, research vice president at Gartner.

Join us as we introduce key concepts for managing and exploiting these components. We’ll discuss the current state of the application development market and the promise and challenge of components, and we’ll provide you with a set of best practice considerations to kick-start your component management initiative.

About the Speakers

Brian is VP of Product Management at Sonatype, with extensive open source experience as a member of the Apache Software Foundation for the past 7 years and former Chair of the Apache Maven project. Brian has made significant development contributions to the Maven ecosystem, including the maven-dependency-plugin and maven-enforcer-plugin. He has over 15 years of experience driving the vision behind, developing, and leading the development of software for organizations ranging from startups to large enterprises. Brian is a frequent speaker at national and regional events, including JavaOne and other development-related conferences. Brian holds a Bachelor of Science degree in Computer Science from Daniel Webster College.

The Illusion of Control: Secrets Within Your Java-Based Software Supply Chain

Tuesday, September 15, 2015

You may not realize it, but you have a Java-based software supply chain. There is a massive volume of open source and proprietary components being consumed within your software supply chain at a very high velocity. Within it, a lot of inefficiencies are *hidden* to you and are silently sabotaging your efforts to accelerate development, improve efficiency and maintain quality. During the meeting, I will openly share insight about your use of Java that will change the way you think about everything, and put you leagues ahead of organizations who are still in the dark.

This year, I authored the 2015 State of the Software Supply Chain Report – a quantitative analysis of 160,000 Java-centric development organizations that consumed 17 billion open source and proprietary software components from over 105,000 projects — all hosted on Maven Central. While the average organization consumed 240,000 components in 2014, the study revealed evidence of inefficient software sourcing practices, building in outdated components, and using software with known security vulnerabilities or potentially risky license types by mistake.

Attendees will also learn how organizations like ServiceNow, Blackboard and DHS are applying proven supply chain principles from the manufacturing industry toward improving their Java-centric DevOps and Continuous Delivery practices. Then, I will shed light on pending legislation in the U.S. Congress that may change the way all of us develop software in the future.


Holiday Inn Atlanta-Perimeter/Dunwoody

4386 Chamblee Dunwoody Road,
Atlanta, GA
