Rework is Choking Software (2015 State of the Software Supply Chain Report)

Rework is Hell

“Software may be eating the world, but rework is choking software”, tweeted John Jeremiah (@j_jeremiah). To shed more light on what is choking software, new data was released last week in the 2015 State of the Software Supply Chain Report. In its discussion of application quality and integrity, the report revealed that the average application includes 106 open source components. It is clear that the use of these components has benefited development tremendously, helping to speed time to market and improve innovation. While the benefits are undeniable, development teams are also delivering applications that are “insecure by design”. Of the 106 components per application, the report’s analysis revealed that an average of 24 (i.e., 23%) have known critical or severe security vulnerabilities. Those same apps also showed an average of 9 restrictive license types (e.g., GPL, AGPL, LGPL). By electively sourcing components with known vulnerabilities and potential license risks, ...


DevOps Leadership Series: Gov Does DevOps

This past week, I had the opportunity to catch up with some more industry thought leaders at the DevOpsDays DC event in our nation’s capital. This was the first major DevOps Days event to feature a large audience of government participants. It was an awesome event and is certainly going to be on my must-attend list for next year. First up for the series, I had the chance to chat with Nathen Harvey, the Community Director at Chef. Nathen also did a great job leading the organizing committee for DevOps Days DC. In this episode of the DevOps Leadership Series, Nathen illustrates some recurrent topics he noticed at DevOpsDays DC. Nathen assures us that government is ready for DevOps, enterprises are ready for DevOps, and small businesses and web innovators are ready for DevOps. Then he highlights how we need to create high-velocity organizations that are safe, scalable, and humane ...


Better and Fewer Suppliers (2015 Software Supply Chain Report)

That Supplier is Better For You

Since releasing the 2015 State of the Software Supply Chain Report, there has been a lot of great discussion across the industry on best practices for managing the complexity introduced by the volume and velocity of the components used across your software supply chain. Today I want to focus on the huge ecosystem of open source projects (“suppliers”) that feed a steady stream of innovative components into our software supply chains. In the Java ecosystem alone, there are now over 108,000 suppliers of open source components. Across all component types available to developers (e.g., RubyGems, NuGet, npm, Bower, PyPI, etc.), estimates now reach over 650,000 suppliers of open source projects. However, as in traditional manufacturing, not all suppliers deliver parts of comparable quality and integrity. My latest research, the 2015 State of the Software Supply Chain Report, shows that some open source projects use restrictive ...


2015 State of the Software Supply Chain Report

In April of this year, I embarked on a six-week journey diving deep into an analysis of the world’s software supply chains. I evaluated the practices of 106,000 organizations, the 100,000+ suppliers they relied on, and the billions of software components that fueled their agile, continuous delivery and DevOps practices. The facts I discovered and share in the 2015 State of the Software Supply Chain Report: Hidden Speed Bumps on the Road to Continuous (pre-register for the full release: Tuesday, June 16th) fundamentally changed the way I thought about software (and about DevOps). The volume and velocity of consumption, the variety of parts and suppliers, and the impact on innovation and quality astounded me. Early reviewers of the report, including Gene Kim (co-author of The Phoenix Project), Gareth Rushgrove (Puppet Labs and DevOps Weekly newsletter), Nick Galbreath (Signal Sciences), and Nigel Simpson (Fortune 100 Entertainment and Media company), agreed. My aim for this research is not simply ...


DevOps Leadership Series: Monitoring Containers and Microservices

Trevor Parsons (@trevparsons) is a Co-Founder and Chief Scientist at Logentries, a leading SaaS-delivered log management and analytics service. I caught up with Trevor at the Velocity Conference in Santa Clara and asked him what themes were resonating with attendees this year. For this episode of the DevOps Leadership Series, Trevor briefly illustrates some current problems with the state of microservices and container-based architectures, while sharing a positive outlook for the future. Trevor says there has been a lot of development in how to log and monitor containerized systems, and he sees better support from Docker for logging, showing an increasing focus on this topic in 2015 and beyond. He anticipates that the next year will bring huge improvements in managing and monitoring these new systems and architectures. Next up in the DevOps Leadership Series, I headed to London for the DevOps Connect: Rugged DevOps event, where we’ll discuss more about Rugged DevOps practices. In London, I was ...


DevOps Leadership Series: Compliance, Testing, and Rugged

This past week, I headed to London for the Rugged DevOps event, where I had the chance to catch up with a few more industry thought leaders. First, I caught up with Gareth Rushgrove from Puppet Labs, who also runs the DevOps Weekly newsletter. In this episode of the DevOps Leadership Series, Gareth explains why the importance of security tests within DevOps practices is going to be a big topic for years to come. Gareth anticipates that “In five years’ time we will look back on this and ask ‘why were we not always doing this?’” I then caught up with Helen Beal, Head of DevOps at Ranger4, who discussed the importance of DevOps and security. While the two ultimately need to work hand in hand, she voiced concerns about DevOps practices sometimes circumventing controls that are essential to a business’s safety. She also said that ...


Top 3 DevOps Practices for Operational Stability

Operational stability is one of the main concerns in organizations. Larger organizations in particular struggle to get a more stable IT landscape. Too often it is political discussions that prevent them from doing something about it. Organizations that have DevOps teams in place can just smile, because those teams are enabled to be in control of the entire delivery chain from development to production. Read about what DevOps teams do in order to be real DevOps, and why they’re smiling all day long. ...


The DevOps Price of Segregation of Duties

Segregation of duties will change because it must change. It has a tremendous impact on our motivation, time to market and IT security, and it influences many parts of an organization. Most organizations have started with DevOps, Continuous Delivery and Continuous Deployment, so it is only natural at some point to think about segregation of duties and how we deal with it today. Today, it costs us a fortune that we will not be willing to pay in the near future. And why should we? ...


Webinar: Show Me Success Before I’ll Invest in DevOps – A HM Health Solutions Case Study

Whatever your conviction, the reluctance of senior management to justify new investments and sponsor major change in existing software delivery practices and technologies is theoretically understandable, but it often leaves application development executives and managers lobbying for additional budget and resources, putting them and their teams between a rock and a hard place. So the question is: how do you monetize the benefits and measure your DevOps results? Join Valerie Scott, Manager of the Shared Services Division at HM Health Solutions, Rick Slade from IBM, and Alan Shimel from DevOps.com as they discuss the process for quantifying DevOps benefits using the metrics your business stakeholders care about most. They will walk you through the methodology and share customer case studies that demonstrate the impressive ROI that DevOps is providing to IBM clients worldwide. EVENT RECORDED: Tuesday, June 2, 2015. Your Host: Alan Shimel, Editor-in-Chief, DevOps.com, ...


The Business Value of Continuous Testing

Enterprise software development models have presented many innovative solutions for IT to align development efforts with business goals. Adopting new software development lifecycle methodologies is as much a business decision as an IT decision. From an IT perspective, this means the ability to produce profitable products at lower cost without compromising quality. Maintaining quality through the code changes needed to add features and push new releases was a struggle until the inception of the DevOps-driven Continuous Testing model, which transforms costly, time-consuming IT practices into profit centers.

The DevOps Patch to the Agile Pitfall

Having already adopted lean Dev and Ops strategies, Agile enterprise IT seems to have unlocked unprecedented efficiency and productivity by delivering better business value at a rapid pace. But in all the mayhem and chaos of jumping on the bandwagon of Agile development, IT teams ended up stockpiling a mass of false assumptions. Simply implementing Agile ...
