In its 12th year, the bi-annual report from global technology consultancy Thoughtworks also spotlights the changing economics of open source software
Thoughtworks (NASDAQ: TWKS), a global technology consultancy that integrates strategy, design and engineering to drive digital innovation, today released Volume 26 of the Technology Radar, a biannual report informed by Thoughtworks’ observations, conversations and frontline experience solving its clients’ toughest business challenges. While the concept of securing the software supply chain has been around for a few years, one of the major themes of the report is how there are now practical steps for businesses in the pathway to highly secure software in production and beyond.
In May 2021, the U.S. White House published its Executive Order on Improving the Nation’s Cybersecurity. One section addresses enhancing software supply chain security. Realizing it’s no longer sufficient to only write secure code, businesses are now expanding their understanding of the security risks throughout the entire software supply chain and investing in more responsible engineering practices, including validating and governing project dependencies. Checklists and standards such as the Supply chain Levels for Software Artifacts (SLSA) are new entries to this edition of the Radar, demonstrating that there are now pragmatic tools that are taking how to address this issue beyond the theoretical.
“A confluence of events — whether public instances of severe, brand-impacting breaches or government mandates — has increased the emphasis businesses are placing on understanding the complexity and the breadth of the ecosystem involved in the software supply chain,” said Dr. Rebecca Parsons, chief technology officer at Thoughtworks. “While many organizations focus on systems in production, it is just as critical to place the same strong level of controls on testing, sandbox and cloud environments. While it’s a daunting proposition, there are now concrete tools and engineering practices to help businesses manage and automate supply chain security as they work to keep their systems highly secure.”
Highlighted themes included in Technology Radar Vol. 26 include:
- Software supply chain innovations: Hackers are increasingly taking advantage of the asymmetrical nature of offense and defense in the security arena — they only need to find one vulnerability, whereas defenders must secure the entire attack surface — while employing increasingly sophisticated hacking techniques. Improved supply chain security is a critical piece of the response as businesses work to keep systems secure.
- The bizarre bazaar: The changing economics of open-source software Open-source software improves developer agility and crowdsources both bug fixes and innovation. The many different approaches to commercialization of and support for open-source software demonstrate the immense economic complexity of the current ecosystem.
- Why do developers keep implementing state management in React?: Typically after a foundational framework becomes popular, it’s followed by a raft of tools creating an ecosystem for improvements and enhancements and ends with consolidation around a few popular tools. However, React state management seems resistant to this common tendency.
- The neverending quest for the master data catalog: The desire to get more value out of corporate data assets continues to drive investment. A renewed interest in corporate data catalogs is leading to a surge of clever new tools with expanding feature sets that address governance, quality management and publishing. In contrast to this trend, there is also a growing movement away from centralized, top-down data management and toward federated governance and discovery based on a data mesh architecture.
Visit www.thoughtworks.com/radar to explore the interactive version of the Radar or download the PDF version.
Supporting resources:
- Keep up with Thoughtworks news by visiting the company’s website
- Follow us on Twitter, LinkedIn and YouTube.
For more such updates and perspectives around Digital Innovation, IoT, Data Infrastructure, AI & Cybersecurity, go to AI-Techpark.com.