Nextgov – Creating a More Secure and High-Quality Open-Source Supply Chain
As the world’s value-creation activities move from industrial manufacturing to software asset development, and use of open-source software becomes more prevalent, government IT personnel should look to the past to ensure their future. This means taking a close look at their software supply chains and the components they’re using to build applications.

The same basic idea behind traditional industrial supply chain management can be applied to open-source software: fewer suppliers and high-quality parts lead to a reliable product. But open-source software supply chains have grown in complexity as open source becomes more popular. If federal IT professionals are not careful, they could end up with a huge number of suppliers and low-quality parts.

There are a few strategies agency administrators can adopt to help their open-source supply chains remain secure and reliable: build a parts list, understand the quality of the parts, and ascertain the security implications of each one.
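The first of those strategies, building a parts list, is concrete enough to show in code. The script below is an added example and is not from the Nextgov article; it assumes a pip-compile style lock file (`name==version` lines followed by indented `# via` comments naming whoever requires the package), a root project called `myapp`, and a small advisory table. The lock file contents and the advisory entries are constructed for illustration and are not real project data. It turns the lock file into an inventory, separates the parts the project chose directly from the ones they pulled in transitively, and flags any part whose pinned version is older than the advisory's first fixed version.

```python
"""Build a parts list (inventory) from a pinned dependency file.

Added example, not from the Nextgov article. Assumes a pip-compile style
lock file and a constructed advisory table; all data below is made up.
"""
import re
from dataclasses import dataclass, field

# Constructed sample lock file (not a real project).
LOCKFILE = """\
requests==2.25.1
    # via myapp
urllib3==1.26.4
    # via requests
certifi==2020.12.5
    # via requests
pyyaml==5.3.1
    # via myapp
chardet==4.0.0
    # via requests
"""

# Constructed advisory data: package -> first version that carries the fix.
ADVISORIES = {"pyyaml": "5.4", "urllib3": "1.26.5"}

PIN_RE = re.compile(r"^([A-Za-z0-9_.-]+)==([0-9][0-9A-Za-z.]*)\s*$")
VIA_RE = re.compile(r"^\s*#\s*via\s+(.+)$")


@dataclass
class Part:
    """One entry in the parts list: what it is and who required it."""
    name: str
    version: str
    via: list = field(default_factory=list)


def parse_version(text):
    """Compare dotted numeric versions; non-numeric segments (rc1, b2) count as 0.
    This is a simplification, not full PEP 440 ordering."""
    return tuple(int(p) if p.isdigit() else 0 for p in text.split("."))


def build_parts_list(lock_text):
    """Parse 'name==version' pins and attach the '# via' requirers that follow each."""
    parts, current = [], None
    for line in lock_text.splitlines():
        pin = PIN_RE.match(line)
        if pin:
            current = Part(pin.group(1).lower(), pin.group(2))
            parts.append(current)
            continue
        via = VIA_RE.match(line)
        if via and current is not None:
            current.via.extend(x.strip() for x in via.group(1).split(","))
    return parts


def direct_and_transitive(parts, root="myapp"):
    """Split the inventory into parts the project picked and parts that rode in with them."""
    direct = [p.name for p in parts if root in p.via]
    transitive = [p.name for p in parts if root not in p.via]
    return direct, transitive


def affected(parts, advisories):
    """Return (name, pinned, first_fixed) for each part below its advisory's fixed version."""
    hits = []
    for p in parts:
        fixed = advisories.get(p.name)
        if fixed and parse_version(p.version) < parse_version(fixed):
            hits.append((p.name, p.version, fixed))
    return hits


if __name__ == "__main__":
    inventory = build_parts_list(LOCKFILE)
    direct, transitive = direct_and_transitive(inventory)
    print(f"{len(inventory)} parts: {len(direct)} chosen directly, "
          f"{len(transitive)} pulled in transitively")
    for name, pinned, fixed in affected(inventory, ADVISORIES):
        print(f"  {name}=={pinned} is below first fixed version {fixed}")
```

The two counts make the article's point visible: two direct choices brought in five parts, so the supplier count is larger than the project's own requirements suggest. A lock file records only names and versions, so who actually maintains each part (the "supplier") still has to come from package metadata or a registry; the script stops at the inventory and the version check.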