April 18, 2023
(Recorded at Ford’s Fish Shack in lovely downtown Ashburn, VA)
When the history of software development is written, historians will look back at the decade preceding 2023 as the era when developers began pulling pre-written code from repositories and assembling applications in this “modular” manner.
Many federal systems are constructed using this “cut and paste” method. This is all well and good if the code can be trusted. But can it?
Today, Emile Monette from Synopsys shares with listeners some fascinating statistics that document this historical transition and he offers solutions as well.
During the interview, Emile Monette references a recent study by his company, Synopsys, called the Open-Source Security and Risk Analysis Report.
They examined 1,700 codebases across seventeen industries, and their findings correlate with what technology leaders think is happening.
Ninety-six percent of scanned codebases contained open-source code.
Perhaps the federal government should consider ways to make sure this code is safe to use. The report also released even more surprising data.
Emile notes that, in addition to examining codebases more carefully, systems administrators should consider the basic “blocking and tackling” of software: keeping components current. He cites the figures that 89% of codebases were out of date and 91% contained components that were not the current version.
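The “blocking and tackling” Emile describes is, in practice, a component-freshness audit: list what is in the codebase, compare each component against the newest version you know of, and report how far behind it is. The script below is an added example written for this page, not code from the podcast, the host, or Synopsys. It audits a small manifest in a package-lock-like JSON shape against a table of latest known versions; the manifest, the version table, and every package name (`example-http` and so on) are constructed for illustration, and a real audit would take the “latest known” data from a package registry or advisory feed rather than a hard-coded dictionary.

```python
"""Flag out-of-date components in a dependency manifest (added example).

Demonstrates the kind of check a software composition analysis tool runs
at scale: for each declared component, compare the installed version with
the latest known version and classify how far behind it is. Components the
registry table has never heard of are reported as 'unknown' rather than
silently counted as current, since unknown provenance is itself a finding.
"""
from dataclasses import dataclass
import json
import re

# Constructed manifest (package-lock-like shape); names and versions are made up.
SAMPLE_MANIFEST = json.dumps({
    "dependencies": {
        "example-http":   {"version": "1.4.2"},
        "example-json":   {"version": "2.0.0"},
        "example-crypto": {"version": "0.9.1"},
        "example-log":    {"version": "3.1.0"},
        "example-legacy": {"version": "0.1.0"},   # not in the registry table
    }
})

# Constructed registry snapshot; in practice this comes from a registry or advisory feed.
LATEST_KNOWN = {
    "example-http":   "1.6.0",
    "example-json":   "2.0.0",
    "example-crypto": "1.2.3",
    "example-log":    "3.1.0",
}


def parse_version(text):
    """Parse a semver-like string into a (major, minor, patch) tuple.

    Pre-release ('-beta') and build ('+meta') suffixes are ignored, missing
    fields default to 0, and a non-numeric field counts as 0.
    """
    core = text.split("-", 1)[0].split("+", 1)[0]
    parts = []
    for field in core.split("."):
        match = re.match(r"\d+", field)
        parts.append(int(match.group()) if match else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


@dataclass
class Finding:
    name: str
    installed: str
    latest: str
    behind: str  # one of: current, patch, minor, major, unknown


def classify(installed, latest):
    """Return how far 'installed' lags 'latest' at the most significant field."""
    i, l = parse_version(installed), parse_version(latest)
    if i >= l:
        return "current"
    if i[0] < l[0]:
        return "major"
    if i[1] < l[1]:
        return "minor"
    return "patch"


def audit_manifest(manifest_text, latest_known):
    """Produce one Finding per declared dependency, sorted by name."""
    data = json.loads(manifest_text)
    findings = []
    for name, meta in sorted(data.get("dependencies", {}).items()):
        installed = meta.get("version", "")
        latest = latest_known.get(name)
        if latest is None:
            findings.append(Finding(name, installed, "?", "unknown"))
        else:
            findings.append(Finding(name, installed, latest, classify(installed, latest)))
    return findings


def summarize(findings):
    """Aggregate findings into the percentages a report like OSSRA quotes."""
    total = len(findings)
    stale = [f for f in findings if f.behind in ("patch", "minor", "major")]
    unknown = [f for f in findings if f.behind == "unknown"]
    return {
        "total": total,
        "stale": len(stale),
        "stale_pct": round(100.0 * len(stale) / total, 1) if total else 0.0,
        "major_behind": [f.name for f in findings if f.behind == "major"],
        "unknown": [f.name for f in unknown],
    }


if __name__ == "__main__":
    results = audit_manifest(SAMPLE_MANIFEST, LATEST_KNOWN)
    for f in results:
        print(f"{f.name:16} installed={f.installed:8} latest={f.latest:8} {f.behind}")
    print(summarize(results))
```

Run as a script to print the per-component table and the summary. Note that the percentage a tool reports depends on the denominator: here unknown components count toward the total but not toward “stale”, which is the conservative choice for a report and is why the `unknown` list is surfaced separately.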
Synopsys has been in business since 1986 and has decades of experience in developing code for highly complex silicon design.
This is rigorous development work that demands high assurance of security and quality. They are applying this in-depth knowledge to help the growing number of federal organizations that need to know that the code they are using is safe.
If you enjoyed this article, you may want to listen to Ep. 59, How to Deliver Software with Impact.
Has been behind a microphone since 1991. He can help you structure, launch, and promote your company podcast. email@example.com