Build resilient systems at scale
October 12–14, 2015 • New York, NY

Why continuous everything requires a supply chain approach

Joshua Corman (Sonatype)
2:30pm–3:00pm Monday, 10/12/2015
Location: Rhinelander South
Average rating: 4.00 (2 ratings)


With continuous development, we write less code and consume more reusable open source code. We are getting faster and more efficient. But this innovation also accelerates complexity, and complexity is the enemy of quality. Poor quality creates unplanned and unscheduled work. Rework creates a drag on development speed. It’s a continuous loop.

Couple this complexity with the fact that this past year was open season on open source. Heartbleed, Bash Bug, Shellshock… For many, it took days, weeks, even months to determine whether they were impacted and where they were impacted, and then to make the appropriate fixes. That’s a lot of unplanned work. And those are just the vulnerabilities that made the headlines.

With the emergence of containers there is a benefit of even more speed and efficiency, but at the cost of visibility at a time when we need it most.

The good news: other industries have figured this out with supply chain management. Applying supply chain approaches to software raises the bar on continuous goals.

A few of the patterns we can take from the rigor of things like the Toyota Supply Chain:
• Scrutinize the number and quality of your “suppliers”
• Manage out avoidable risk and complexity
• Improve traceability and visibility
• Ensure prompt agile responses when things go wrong

Josh will show that you can deliver applications on time (even faster), on budget (even more efficiently), and with a natural byproduct of higher quality and less risk by embracing supply chain principles as you embrace containerization with tools like Docker.

Joshua Corman


Joshua Corman is CTO for Sonatype. Previously, Corman was a security researcher/strategist at Akamai Technologies, The 451 Group, and IBM Internet Security Systems. He co-founded Rugged DevOps and I_Am_the_Cavalry to encourage new DevOps/security approaches. He is adjunct faculty for Carnegie Mellon’s Heinz College and IANS Research, and a Ponemon Institute Fellow.
