Adam Such is a Solutions Architect for the DACH region at Sonatype.
His background is in software development and product management, with experience ranging from IoT devices to enterprise IT monitoring. He has also been an Agile/Scrum Product Owner and draws on that experience to help companies around the world understand and improve their software supply chains and continuous delivery pipelines.
The Data Behind DevSecOps: The Power of Hindsight to Protect your Supply Chain
A series of high-profile and devastating cyber attacks has demonstrated that adversaries have both the intent and the ability to exploit security vulnerabilities in the software supply chain. Never was that more apparent than in the massive breaches at Equifax, SolarWinds and Codecov. Attacks are no longer focused only on code running in production; they directly target developers and their tools.
The time required for attackers to exploit a newly disclosed open source vulnerability has shrunk by 93.5% in the last decade. This harsh reality establishes a new normal for software supply chain management and demands that organizations be prepared to do three things within 48 hours of a new public disclosure:
1. Assess which, if any, of their applications are exploitable
2. Establish a comprehensive plan to remediate the potential exposure
3. Implement the necessary fixes
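The first of those three steps only works if you can answer "which applications ship the affected component?" from an inventory you already hold, without waiting for a scanner vendor. The following Python is an added example written for this page, not code from the talk or from Sonatype; it triages a newly disclosed advisory against a set of per-application SBOMs by comparing each component's version with the advisory's affected range. The advisory id (EXAMPLE-2021-0001), the package names and the SBOM contents are all constructed for illustration and do not refer to a real vulnerability.

```python
"""Triage a newly disclosed open source vulnerability against a dependency
inventory (step 1 above: find which applications carry the affected component).

Added example for this page, not Sonatype's tooling. The advisory, package
names, versions and SBOMs below are constructed; the advisory id is hypothetical.
"""
from dataclasses import dataclass


def parse_version(v: str) -> tuple:
    """Turn '2.14.1' into (2, 14, 1) so that ranges compare numerically.

    A string comparison would wrongly rank '2.14.1' below '2.9.0'. Pre-release
    tags such as '-rc1' are dropped here for simplicity; a production check
    must follow the ordering rules of the ecosystem (Maven, npm, PyPI, ...).
    """
    return tuple(int(part) for part in v.split("-", 1)[0].split("."))


@dataclass(frozen=True)
class Advisory:
    advisory_id: str
    package: str      # purl-style coordinate, as found in an SBOM
    introduced: str   # first affected version (inclusive)
    fixed: str        # first fixed version (exclusive)

    def affects(self, version: str) -> bool:
        v = parse_version(version)
        return parse_version(self.introduced) <= v < parse_version(self.fixed)


# Constructed inventory: one CycloneDX-style SBOM per application, reduced to
# the two fields needed for triage. A real SBOM would carry more metadata.
SBOMS = {
    "billing-api": [
        {"name": "pkg:maven/example/logutil", "version": "2.14.1"},
        {"name": "pkg:maven/example/httpclient", "version": "4.5.13"},
    ],
    "reporting-batch": [
        {"name": "pkg:maven/example/logutil", "version": "2.17.1"},  # already fixed
    ],
    "legacy-portal": [
        {"name": "pkg:maven/example/logutil", "version": "2.0.0"},
        {"name": "pkg:maven/example/logutil", "version": "2.9.0"},   # second copy via a transitive dependency
    ],
}

# Hypothetical advisory: affected range [2.0.0, 2.17.0). Not a real CVE.
ADVISORY = Advisory(
    advisory_id="EXAMPLE-2021-0001",
    package="pkg:maven/example/logutil",
    introduced="2.0.0",
    fixed="2.17.0",
)


def triage(advisory: Advisory, sboms: dict) -> dict:
    """Return {application: [affected versions]} for every application whose
    SBOM lists the advisory's package inside the affected range.

    Note: this establishes presence of a vulnerable component, which is the
    prerequisite for the exploitability question in step 1; whether the
    vulnerable code path is actually reachable still has to be judged per app.
    """
    hits = {}
    for app, components in sboms.items():
        affected = sorted(
            {c["version"] for c in components
             if c["name"] == advisory.package and advisory.affects(c["version"])},
            key=parse_version,
        )
        if affected:
            hits[app] = affected
    return hits


if __name__ == "__main__":
    for app, versions in triage(ADVISORY, SBOMS).items():
        print(f"{ADVISORY.advisory_id}: {app} ships affected {', '.join(versions)}")
```

Running it flags billing-api (2.14.1) and legacy-portal (2.0.0 and 2.9.0) and leaves reporting-batch alone, which is exactly the list that step 2 (the remediation plan) needs as its input. The point of keeping SBOMs per application rather than a single flat dependency list is that the output is already expressed in terms of the things you have to rebuild and redeploy in step 3.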