Hate those e-mails asking "are you using some_vulnerable.JAR or some_vulnerable_class?" about a project that you, or anybody else, has not touched in years, and then your eyes drying out as you stare at the dependency hierarchy of that old project?
Well, hate no more! Understanding that not all JARs are created equal is the first step in recognizing where the consternation comes from. The only constant in open source is change, and keeping up with versions, CVEs, industry trends, etc. can be a burden, especially as team members move on. There are so many dependencies in a modern Java project that one would need a warehouse to store all the parts [*cough* your artifact repository].
Having supply chain discipline when consuming open source can help answer the "where" and "what" of an enterprise's deployments. Applying supply chain principles and data beyond your CMDB gives you that insight. It makes Dev & Ops happy, driving open source adoption and visibility.
Speaker: Ravi Lachhman
Ravi is currently the Technical Director for the South East at Sonatype, helping enterprises along the OSS governance journey. Prior to Sonatype, Ravi most recently worked at Red Hat as an App Dev [JBoss Stack] Architect. Prior to Red Hat, Ravi worked at Deloitte and IBM helping private and federal organizations build large-scale JEE integrations and products.
Healthesystems Venue information:
Park in the parking garage or in the parking lot.
Enter the building through the green awning (refer to the red arrow below) and take the elevator or stairs to the second floor. We'll have signs posted.