SlideShare ist ein Scribd-Unternehmen logo
1 von 16
Downloaden Sie, um offline zu lesen
Advanced Development Pack
for
26 Novembre 2020
2015
Putting
Power Into
the Hands
of the
Developers 2020 2025
DevelopmentSecurity
10%
20%
30%
40%
50%
The Market Shift
90%
80%
70%
60%
We were historically
successful selling here.
We are highly differentiated
in this market.
Security acts as a gate
for code deployment.
Empower the developers.
Integrated and automated
end-to-end quality.
(They have been
historically ineffective at
truly integrating
into development.)
100%
~60%
~40%
~80%
~20%
Making Developer’s Lives Easier
CHOOSE THE BEST COMPONENTS
Smarter component selection with our new Exemplar ratings for
OSS projects.
AVOID SUSPICIOUS PACKAGES
Decrease the risk of a security breach or defective code by blocking
potentially malicious and harmful OSS releases from entering
production environments.
KNOW WHAT WILL BREAK
Fewer breaking changes and policy violations with simple OSS
upgrades and insight into level of effort between version
migrations.
FIX DEPENDENCIES FASTER
Improved dependency management with single click upgrades and
guidance on when to upgrade a dependency and why.
Less rework and maintenance due to higher-quality “pool” of
components and contextual understanding of what fits organizational
requirements.
Improved Project Quality with early warning of suspicious behavior in
code and access to components from the best suppliers.
Increased Bandwidth and Time to Innovate due to reduction in time
spent researching quality OSS components.
Decreased “Level of Effort” when upgrading to the next best OSS
component with our recommendations and single click migrations.
Benefits
What’s in the Pack?
Capability
Overview
Transitive SolverBreaking ChangesComponent Chooser
Gives a recommended
version for the direct
dependency which also
resolves the transitive
dependency without
violating policy or
breaking builds.
Provides teams with data
on “what” will break & how
much effort it’ll take to
upgrade between current
& newer versions.
Release Integrity
Enhances Nexus Firewall’s
capabilities to automatically
detect & block suspicious
and potentially malicious
OSS components before
they enter the development
environment.
Fix Faster
We’ll suggest the best ways to
resolve problems more effectively
when they come up.
Enables development teams
select the highest-quality OSS
components for their projects.
They can search and compare
components based on hygiene
ratings (exemplar, laggard,
neutral), view additional
component insights, and see
what’s already being
used/approved within their
organization.
Develop Seamlessly
Make better decisions about components
being used in the applications.
Ratings include:
● Exemplar
● Neutral
● Laggard
Select the best quality components
based on component cleanliness,
committer behavior, etc.
Easily compare the viability
of different components
based on their rating.
Showing You Only the Best OSS Components
Health & Hygiene Data
Early warning and identification of
next-gen software supply chain
attacks (currently npm only).
Avoid threats like typosquatting
and malicious code injection.
Component risk score to assess
level of risk you could take on by
choosing that component.
Release Integrity with Firewall.
Release Integrity
Breaking Changes Intelligence
Prioritize component upgrades
by development effort.
Pinpoint simple upgrades and
assess upgrade challenges.
Quickly find the best version upgrade
without “breaking” the project.
Transitive Solver
Comprehensive view into your
open source risk profile.
Easily solve for direct
and transitive
dependency violations
without failing builds
or violating policies.
One-click remediation and
improved prioritization.
Supporting Slides
2015
Dev Sponsor: ~10%
Security Sponsor: ~90%
Dev Sponsor: ~40%
Security Sponsor: ~60%
Dev Sponsor: ~80%
Security Sponsor: ~20%
Putting
Power Into
the Hands
of the
Developers
2020 2025
DevelopmentSecurity
10%
20%
30%
40%
50%
100%
90%
80%
70%
60%
The
Market
Shift
Security acts as a gate
for code deployment.
Empower the
developers.
Integrated and
automated end-to-end
quality.
We were
historically successful
selling here.
We are highly
differentiated
in this market.
(They have been
historically ineffective at
truly integrating
into development.)
What Makes a Project Exemplary?
Constructing the Data Set
Small Exemplar
Small development teams (1.6
devs), exemplary MTTU, likely
to be commercially supported
and 4.3x more popular.
Large Exemplar
Large development teams (8.3
devs), exemplary MTTU, likely
to be foundation supported,
2.5x more popular.
Laggard
Poor MTTU, high
stale dependency
count, more likely
to be commercially
supported.
Features First
Frequent releases,
but poor TTU. Still
reasonably popular.
Cautious
Good TTU, but
seldom completely
up to date.
INAIL e la cultura cybersecurity: Sonatype Advanced Development Pack

Weitere ähnliche Inhalte

Was ist angesagt?

Accelerating Innovation with Software Supply Chain Management
Accelerating Innovation with Software Supply Chain ManagementAccelerating Innovation with Software Supply Chain Management
Accelerating Innovation with Software Supply Chain ManagementSonatype
 
Challenges in Security Testing
Challenges in Security TestingChallenges in Security Testing
Challenges in Security TestingShikha Jarial
 
Introduction to Software Failure Modes Effects Analysis
Introduction to Software Failure Modes Effects AnalysisIntroduction to Software Failure Modes Effects Analysis
Introduction to Software Failure Modes Effects AnalysisAnn Marie Neufelder
 
Four things that are almost guaranteed to reduce the reliability of a softwa...
Four things that are almost guaranteed to reduce the reliability of a softwa...Four things that are almost guaranteed to reduce the reliability of a softwa...
Four things that are almost guaranteed to reduce the reliability of a softwa...Ann Marie Neufelder
 
Introducing: Klocwork Insight Pro | November 2009
Introducing: Klocwork Insight Pro | November 2009Introducing: Klocwork Insight Pro | November 2009
Introducing: Klocwork Insight Pro | November 2009Klocwork
 
AppsSec In a DevOps World
AppsSec In a DevOps WorldAppsSec In a DevOps World
AppsSec In a DevOps WorldParasoft
 
A "Firewall" for Bad Binaries
A "Firewall" for Bad BinariesA "Firewall" for Bad Binaries
A "Firewall" for Bad BinariesSonatype
 
The State of Open Source Vulnerabilities Management
The State of Open Source Vulnerabilities ManagementThe State of Open Source Vulnerabilities Management
The State of Open Source Vulnerabilities ManagementSBWebinars
 
Open Source Libraries - Managing Risk in Cloud
Open Source Libraries - Managing Risk in Cloud Open Source Libraries - Managing Risk in Cloud
Open Source Libraries - Managing Risk in Cloud Suman Sourav
 
SanerNow Vulnerability Management
SanerNow Vulnerability ManagementSanerNow Vulnerability Management
SanerNow Vulnerability ManagementSecPod Technologies
 
DevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOps
DevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOpsDevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOps
DevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOpsSuman Sourav
 
Open Source Security at Scale- The DevOps Challenge 
Open Source Security at Scale- The DevOps Challenge Open Source Security at Scale- The DevOps Challenge 
Open Source Security at Scale- The DevOps Challenge WhiteSource
 
Top Ten things that have been proven to effect software reliability
Top Ten things that have been proven to effect software reliabilityTop Ten things that have been proven to effect software reliability
Top Ten things that have been proven to effect software reliabilityAnn Marie Neufelder
 
10 Steps To Secure Agile Development
10 Steps To Secure Agile Development10 Steps To Secure Agile Development
10 Steps To Secure Agile DevelopmentCheckmarx
 
Four things that are almost guaranteed to reduce the reliability of a softwa...
Four things that are almost guaranteed to reduce the reliability of a softwa...Four things that are almost guaranteed to reduce the reliability of a softwa...
Four things that are almost guaranteed to reduce the reliability of a softwa...Ann Marie Neufelder
 
4 approaches to integrate dev secops in development cycle
4 approaches to integrate dev secops in development cycle4 approaches to integrate dev secops in development cycle
4 approaches to integrate dev secops in development cycleEnov8
 
A Successful SAST Tool Implementation
A Successful SAST Tool ImplementationA Successful SAST Tool Implementation
A Successful SAST Tool ImplementationCheckmarx
 
Purpose and-objectives-of-software-testing
Purpose and-objectives-of-software-testingPurpose and-objectives-of-software-testing
Purpose and-objectives-of-software-testingpooja deshmukh
 

Was ist angesagt? (20)

Accelerating Innovation with Software Supply Chain Management
Accelerating Innovation with Software Supply Chain ManagementAccelerating Innovation with Software Supply Chain Management
Accelerating Innovation with Software Supply Chain Management
 
Challenges in Security Testing
Challenges in Security TestingChallenges in Security Testing
Challenges in Security Testing
 
Introduction to Software Failure Modes Effects Analysis
Introduction to Software Failure Modes Effects AnalysisIntroduction to Software Failure Modes Effects Analysis
Introduction to Software Failure Modes Effects Analysis
 
Four things that are almost guaranteed to reduce the reliability of a softwa...
Four things that are almost guaranteed to reduce the reliability of a softwa...Four things that are almost guaranteed to reduce the reliability of a softwa...
Four things that are almost guaranteed to reduce the reliability of a softwa...
 
Introducing: Klocwork Insight Pro | November 2009
Introducing: Klocwork Insight Pro | November 2009Introducing: Klocwork Insight Pro | November 2009
Introducing: Klocwork Insight Pro | November 2009
 
AppsSec In a DevOps World
AppsSec In a DevOps WorldAppsSec In a DevOps World
AppsSec In a DevOps World
 
Static code analysis
Static code analysisStatic code analysis
Static code analysis
 
A "Firewall" for Bad Binaries
A "Firewall" for Bad BinariesA "Firewall" for Bad Binaries
A "Firewall" for Bad Binaries
 
The State of Open Source Vulnerabilities Management
The State of Open Source Vulnerabilities ManagementThe State of Open Source Vulnerabilities Management
The State of Open Source Vulnerabilities Management
 
Open Source Libraries - Managing Risk in Cloud
Open Source Libraries - Managing Risk in Cloud Open Source Libraries - Managing Risk in Cloud
Open Source Libraries - Managing Risk in Cloud
 
SanerNow Vulnerability Management
SanerNow Vulnerability ManagementSanerNow Vulnerability Management
SanerNow Vulnerability Management
 
SecPod Saner
SecPod SanerSecPod Saner
SecPod Saner
 
DevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOps
DevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOpsDevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOps
DevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOps
 
Open Source Security at Scale- The DevOps Challenge 
Open Source Security at Scale- The DevOps Challenge Open Source Security at Scale- The DevOps Challenge 
Open Source Security at Scale- The DevOps Challenge 
 
Top Ten things that have been proven to effect software reliability
Top Ten things that have been proven to effect software reliabilityTop Ten things that have been proven to effect software reliability
Top Ten things that have been proven to effect software reliability
 
10 Steps To Secure Agile Development
10 Steps To Secure Agile Development10 Steps To Secure Agile Development
10 Steps To Secure Agile Development
 
Four things that are almost guaranteed to reduce the reliability of a softwa...
Four things that are almost guaranteed to reduce the reliability of a softwa...Four things that are almost guaranteed to reduce the reliability of a softwa...
Four things that are almost guaranteed to reduce the reliability of a softwa...
 
4 approaches to integrate dev secops in development cycle
4 approaches to integrate dev secops in development cycle4 approaches to integrate dev secops in development cycle
4 approaches to integrate dev secops in development cycle
 
A Successful SAST Tool Implementation
A Successful SAST Tool ImplementationA Successful SAST Tool Implementation
A Successful SAST Tool Implementation
 
Purpose and-objectives-of-software-testing
Purpose and-objectives-of-software-testingPurpose and-objectives-of-software-testing
Purpose and-objectives-of-software-testing
 

Ähnlich wie INAIL e la cultura cybersecurity: Sonatype Advanced Development Pack

Software reliability engineering
Software reliability engineeringSoftware reliability engineering
Software reliability engineeringMark Turner CRP
 
Rhonda Software Quality Assurance Services
Rhonda Software Quality Assurance ServicesRhonda Software Quality Assurance Services
Rhonda Software Quality Assurance ServicesRhonda Software
 
The forrester wave™ endpoint security software as a service, q2 2021
The forrester wave™  endpoint security software as a service, q2 2021The forrester wave™  endpoint security software as a service, q2 2021
The forrester wave™ endpoint security software as a service, q2 2021Andy Kwong
 
10 things to get right for successful dev secops
10 things to get right for successful dev secops10 things to get right for successful dev secops
10 things to get right for successful dev secopsMohammed Ahmed
 
Better Software East 2016: Evolving Automated to Continuous
Better Software East 2016: Evolving Automated to ContinuousBetter Software East 2016: Evolving Automated to Continuous
Better Software East 2016: Evolving Automated to ContinuousParasoft
 
The Significance of Regression Testing in Software Development.pdf
The Significance of Regression Testing in Software Development.pdfThe Significance of Regression Testing in Software Development.pdf
The Significance of Regression Testing in Software Development.pdfRohitBhandari66
 
CAST for Vendor Monitoring and Control
CAST for Vendor Monitoring and ControlCAST for Vendor Monitoring and Control
CAST for Vendor Monitoring and ControlCAST
 
Standardized Risk Measurement for IT Executives 101
Standardized Risk Measurement for IT Executives 101Standardized Risk Measurement for IT Executives 101
Standardized Risk Measurement for IT Executives 101Konstantin Berger
 
White Paper: 7 Security Gaps in the Neglected 90% of your Applications
White Paper: 7 Security Gaps in the Neglected 90% of your ApplicationsWhite Paper: 7 Security Gaps in the Neglected 90% of your Applications
White Paper: 7 Security Gaps in the Neglected 90% of your ApplicationsSonatype
 
Secure SDLC in mobile software development.
Secure SDLC in mobile software development.Secure SDLC in mobile software development.
Secure SDLC in mobile software development.Mykhailo Antonishyn
 
Managing Software Risk with CAST
Managing Software Risk with CASTManaging Software Risk with CAST
Managing Software Risk with CASTCAST
 
OWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference GuideOWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference GuideAryan G
 
Software composition analysis in business 3.pdf
Software composition analysis in business  3.pdfSoftware composition analysis in business  3.pdf
Software composition analysis in business 3.pdfCiente
 
Veracode Corporate Overview - Print
Veracode Corporate Overview - PrintVeracode Corporate Overview - Print
Veracode Corporate Overview - PrintAndrew Kanikuru
 
Driving Risks Out of Embedded Automotive Software
Driving Risks Out of Embedded Automotive SoftwareDriving Risks Out of Embedded Automotive Software
Driving Risks Out of Embedded Automotive SoftwareParasoft
 
White-Paper-Continuous-Delivery
White-Paper-Continuous-DeliveryWhite-Paper-Continuous-Delivery
White-Paper-Continuous-Deliveryalkhan50
 
OWASP Secure Coding Practices - Quick Reference Guide
OWASP Secure Coding Practices - Quick Reference GuideOWASP Secure Coding Practices - Quick Reference Guide
OWASP Secure Coding Practices - Quick Reference GuideLudovic Petit
 
Lisa_DiFazio_SQA_Resume
Lisa_DiFazio_SQA_ResumeLisa_DiFazio_SQA_Resume
Lisa_DiFazio_SQA_ResumeLisa DiFazio
 
DevOps for the Discouraged
DevOps for the Discouraged DevOps for the Discouraged
DevOps for the Discouraged James Wickett
 

Ähnlich wie INAIL e la cultura cybersecurity: Sonatype Advanced Development Pack (20)

Software reliability engineering
Software reliability engineeringSoftware reliability engineering
Software reliability engineering
 
Rhonda Software Quality Assurance Services
Rhonda Software Quality Assurance ServicesRhonda Software Quality Assurance Services
Rhonda Software Quality Assurance Services
 
The forrester wave™ endpoint security software as a service, q2 2021
The forrester wave™  endpoint security software as a service, q2 2021The forrester wave™  endpoint security software as a service, q2 2021
The forrester wave™ endpoint security software as a service, q2 2021
 
10 things to get right for successful dev secops
10 things to get right for successful dev secops10 things to get right for successful dev secops
10 things to get right for successful dev secops
 
Better Software East 2016: Evolving Automated to Continuous
Better Software East 2016: Evolving Automated to ContinuousBetter Software East 2016: Evolving Automated to Continuous
Better Software East 2016: Evolving Automated to Continuous
 
The Significance of Regression Testing in Software Development.pdf
The Significance of Regression Testing in Software Development.pdfThe Significance of Regression Testing in Software Development.pdf
The Significance of Regression Testing in Software Development.pdf
 
CAST for Vendor Monitoring and Control
CAST for Vendor Monitoring and ControlCAST for Vendor Monitoring and Control
CAST for Vendor Monitoring and Control
 
Standardized Risk Measurement for IT Executives 101
Standardized Risk Measurement for IT Executives 101Standardized Risk Measurement for IT Executives 101
Standardized Risk Measurement for IT Executives 101
 
White Paper: 7 Security Gaps in the Neglected 90% of your Applications
White Paper: 7 Security Gaps in the Neglected 90% of your ApplicationsWhite Paper: 7 Security Gaps in the Neglected 90% of your Applications
White Paper: 7 Security Gaps in the Neglected 90% of your Applications
 
Secure SDLC in mobile software development.
Secure SDLC in mobile software development.Secure SDLC in mobile software development.
Secure SDLC in mobile software development.
 
Managing Software Risk with CAST
Managing Software Risk with CASTManaging Software Risk with CAST
Managing Software Risk with CAST
 
OWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference GuideOWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference Guide
 
Software composition analysis in business 3.pdf
Software composition analysis in business  3.pdfSoftware composition analysis in business  3.pdf
Software composition analysis in business 3.pdf
 
Veracode Corporate Overview - Print
Veracode Corporate Overview - PrintVeracode Corporate Overview - Print
Veracode Corporate Overview - Print
 
Driving Risks Out of Embedded Automotive Software
Driving Risks Out of Embedded Automotive SoftwareDriving Risks Out of Embedded Automotive Software
Driving Risks Out of Embedded Automotive Software
 
White-Paper-Continuous-Delivery
White-Paper-Continuous-DeliveryWhite-Paper-Continuous-Delivery
White-Paper-Continuous-Delivery
 
OWASP Secure Coding Practices - Quick Reference Guide
OWASP Secure Coding Practices - Quick Reference GuideOWASP Secure Coding Practices - Quick Reference Guide
OWASP Secure Coding Practices - Quick Reference Guide
 
Lisa_DiFazio_SQA_Resume
Lisa_DiFazio_SQA_ResumeLisa_DiFazio_SQA_Resume
Lisa_DiFazio_SQA_Resume
 
DevSecOps
DevSecOpsDevSecOps
DevSecOps
 
DevOps for the Discouraged
DevOps for the Discouraged DevOps for the Discouraged
DevOps for the Discouraged
 

Mehr von Emerasoft, solutions to collaborate

Percezione Vs Realtà: uno sguardo data-driven sull'OS risk management
Percezione Vs Realtà: uno sguardo data-driven sull'OS risk managementPercezione Vs Realtà: uno sguardo data-driven sull'OS risk management
Percezione Vs Realtà: uno sguardo data-driven sull'OS risk managementEmerasoft, solutions to collaborate
 
webinar LieberLieber & Emerasoft. Verso il DevOps, con i modelli
webinar LieberLieber & Emerasoft. Verso il DevOps, con i modelliwebinar LieberLieber & Emerasoft. Verso il DevOps, con i modelli
webinar LieberLieber & Emerasoft. Verso il DevOps, con i modelliEmerasoft, solutions to collaborate
 
Il DevOps è troppo impegnativo? Keep calm e adotta una DevOps Platform
Il DevOps è troppo impegnativo? Keep calm e adotta una DevOps PlatformIl DevOps è troppo impegnativo? Keep calm e adotta una DevOps Platform
Il DevOps è troppo impegnativo? Keep calm e adotta una DevOps PlatformEmerasoft, solutions to collaborate
 
Gitlab meetup Milano - Focus su Gitlab Devops Platform 27.01.2022
Gitlab meetup Milano - Focus su Gitlab Devops Platform 27.01.2022Gitlab meetup Milano - Focus su Gitlab Devops Platform 27.01.2022
Gitlab meetup Milano - Focus su Gitlab Devops Platform 27.01.2022Emerasoft, solutions to collaborate
 
Cloud Journey e IT Modernization: Da app monolitica a microservizi. vFunction...
Cloud Journey e IT Modernization: Da app monolitica a microservizi. vFunction...Cloud Journey e IT Modernization: Da app monolitica a microservizi. vFunction...
Cloud Journey e IT Modernization: Da app monolitica a microservizi. vFunction...Emerasoft, solutions to collaborate
 
Versioning dei modelli Enterprise Architect. Collaborazione e Standard con Le...
Versioning dei modelli Enterprise Architect. Collaborazione e Standard con Le...Versioning dei modelli Enterprise Architect. Collaborazione e Standard con Le...
Versioning dei modelli Enterprise Architect. Collaborazione e Standard con Le...Emerasoft, solutions to collaborate
 
La Digital Transformation ha un nuovo alleato: Value Stream Management
La Digital Transformation ha un nuovo alleato: Value Stream ManagementLa Digital Transformation ha un nuovo alleato: Value Stream Management
La Digital Transformation ha un nuovo alleato: Value Stream ManagementEmerasoft, solutions to collaborate
 
Inail e la cultura cybersecurity: la Direzione centrale per l’organizzazione ...
Inail e la cultura cybersecurity: la Direzione centrale per l’organizzazione ...Inail e la cultura cybersecurity: la Direzione centrale per l’organizzazione ...
Inail e la cultura cybersecurity: la Direzione centrale per l’organizzazione ...Emerasoft, solutions to collaborate
 
Polarion ALM & Newired: vincere la resistenza culturale in azienda
Polarion ALM & Newired: vincere la resistenza culturale in aziendaPolarion ALM & Newired: vincere la resistenza culturale in azienda
Polarion ALM & Newired: vincere la resistenza culturale in aziendaEmerasoft, solutions to collaborate
 
Costruire una chain of custody del software - una guida per Cto Cio Devops
Costruire una chain of custody del software - una guida per Cto Cio DevopsCostruire una chain of custody del software - una guida per Cto Cio Devops
Costruire una chain of custody del software - una guida per Cto Cio DevopsEmerasoft, solutions to collaborate
 
SCA del Software Open Source: come interpretarlo per evitare problemi di sicu...
SCA del Software Open Source: come interpretarlo per evitare problemi di sicu...SCA del Software Open Source: come interpretarlo per evitare problemi di sicu...
SCA del Software Open Source: come interpretarlo per evitare problemi di sicu...Emerasoft, solutions to collaborate
 

Mehr von Emerasoft, solutions to collaborate (20)

PAnontiDEMO_5 motivi per cui una PA ha bisogno di una DAP
PAnontiDEMO_5 motivi per cui una PA ha bisogno di una DAPPAnontiDEMO_5 motivi per cui una PA ha bisogno di una DAP
PAnontiDEMO_5 motivi per cui una PA ha bisogno di una DAP
 
Percezione Vs Realtà: uno sguardo data-driven sull'OS risk management
Percezione Vs Realtà: uno sguardo data-driven sull'OS risk managementPercezione Vs Realtà: uno sguardo data-driven sull'OS risk management
Percezione Vs Realtà: uno sguardo data-driven sull'OS risk management
 
webinar LieberLieber & Emerasoft. Verso il DevOps, con i modelli
webinar LieberLieber & Emerasoft. Verso il DevOps, con i modelliwebinar LieberLieber & Emerasoft. Verso il DevOps, con i modelli
webinar LieberLieber & Emerasoft. Verso il DevOps, con i modelli
 
ComeToCode 2022 - speech di Emerasoft
ComeToCode 2022 - speech di EmerasoftComeToCode 2022 - speech di Emerasoft
ComeToCode 2022 - speech di Emerasoft
 
Il DevOps è troppo impegnativo? Keep calm e adotta una DevOps Platform
Il DevOps è troppo impegnativo? Keep calm e adotta una DevOps PlatformIl DevOps è troppo impegnativo? Keep calm e adotta una DevOps Platform
Il DevOps è troppo impegnativo? Keep calm e adotta una DevOps Platform
 
Onboarding digitale sulle piattaforme della PA - 13.04.pdf
Onboarding digitale sulle piattaforme della PA - 13.04.pdfOnboarding digitale sulle piattaforme della PA - 13.04.pdf
Onboarding digitale sulle piattaforme della PA - 13.04.pdf
 
Gitlab meetup Milano - Focus su Gitlab Devops Platform 27.01.2022
Gitlab meetup Milano - Focus su Gitlab Devops Platform 27.01.2022Gitlab meetup Milano - Focus su Gitlab Devops Platform 27.01.2022
Gitlab meetup Milano - Focus su Gitlab Devops Platform 27.01.2022
 
Viaggio nel mondo a servizi, come prepararsi per l'avventura
Viaggio nel mondo a servizi, come prepararsi per l'avventuraViaggio nel mondo a servizi, come prepararsi per l'avventura
Viaggio nel mondo a servizi, come prepararsi per l'avventura
 
Cloud Journey e IT Modernization: Da app monolitica a microservizi. vFunction...
Cloud Journey e IT Modernization: Da app monolitica a microservizi. vFunction...Cloud Journey e IT Modernization: Da app monolitica a microservizi. vFunction...
Cloud Journey e IT Modernization: Da app monolitica a microservizi. vFunction...
 
Digitaltogether 2.0 IL MANIFESTO
Digitaltogether 2.0 IL MANIFESTODigitaltogether 2.0 IL MANIFESTO
Digitaltogether 2.0 IL MANIFESTO
 
POLARION by SIEMENS & GITLAB, una coppia vincente
POLARION by SIEMENS & GITLAB, una coppia vincentePOLARION by SIEMENS & GITLAB, una coppia vincente
POLARION by SIEMENS & GITLAB, una coppia vincente
 
Come proteggersi dagli attacchi informatici
Come proteggersi dagli attacchi informaticiCome proteggersi dagli attacchi informatici
Come proteggersi dagli attacchi informatici
 
Versioning dei modelli Enterprise Architect. Collaborazione e Standard con Le...
Versioning dei modelli Enterprise Architect. Collaborazione e Standard con Le...Versioning dei modelli Enterprise Architect. Collaborazione e Standard con Le...
Versioning dei modelli Enterprise Architect. Collaborazione e Standard con Le...
 
La Digital Transformation ha un nuovo alleato: Value Stream Management
La Digital Transformation ha un nuovo alleato: Value Stream ManagementLa Digital Transformation ha un nuovo alleato: Value Stream Management
La Digital Transformation ha un nuovo alleato: Value Stream Management
 
Inail e la cultura cybersecurity: la Direzione centrale per l’organizzazione ...
Inail e la cultura cybersecurity: la Direzione centrale per l’organizzazione ...Inail e la cultura cybersecurity: la Direzione centrale per l’organizzazione ...
Inail e la cultura cybersecurity: la Direzione centrale per l’organizzazione ...
 
Polarion ALM & Newired: vincere la resistenza culturale in azienda
Polarion ALM & Newired: vincere la resistenza culturale in aziendaPolarion ALM & Newired: vincere la resistenza culturale in azienda
Polarion ALM & Newired: vincere la resistenza culturale in azienda
 
Api gitlab: configurazione dei progetti as a service
Api gitlab: configurazione dei progetti as a serviceApi gitlab: configurazione dei progetti as a service
Api gitlab: configurazione dei progetti as a service
 
Smartbear: un framework unico per testare API e UI
Smartbear: un framework unico per testare API e UISmartbear: un framework unico per testare API e UI
Smartbear: un framework unico per testare API e UI
 
Costruire una chain of custody del software - una guida per Cto Cio Devops
Costruire una chain of custody del software - una guida per Cto Cio DevopsCostruire una chain of custody del software - una guida per Cto Cio Devops
Costruire una chain of custody del software - una guida per Cto Cio Devops
 
SCA del Software Open Source: come interpretarlo per evitare problemi di sicu...
SCA del Software Open Source: come interpretarlo per evitare problemi di sicu...SCA del Software Open Source: come interpretarlo per evitare problemi di sicu...
SCA del Software Open Source: come interpretarlo per evitare problemi di sicu...
 

Kürzlich hochgeladen

Summary ID-IGF 2016 National Dialogue - English (tata kelola internet / int...
Summary  ID-IGF 2016 National Dialogue  - English (tata kelola internet / int...Summary  ID-IGF 2016 National Dialogue  - English (tata kelola internet / int...
Summary ID-IGF 2016 National Dialogue - English (tata kelola internet / int...ICT Watch - Indonesia
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119APNIC
 
2024_hackersuli_mobil_ios_android ______
2024_hackersuli_mobil_ios_android ______2024_hackersuli_mobil_ios_android ______
2024_hackersuli_mobil_ios_android ______hackersuli
 
Basic Security.pptx is a awsome PPT on your mobiel
Basic Security.pptx is a awsome PPT on your mobielBasic Security.pptx is a awsome PPT on your mobiel
Basic Security.pptx is a awsome PPT on your mobielpratamakiki860
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119APNIC
 
Cyber Shield Up - They Shall Not Pass - Andreas Sfakianakis - Lecture at CSD ...
Cyber Shield Up - They Shall Not Pass - Andreas Sfakianakis - Lecture at CSD ...Cyber Shield Up - They Shall Not Pass - Andreas Sfakianakis - Lecture at CSD ...
Cyber Shield Up - They Shall Not Pass - Andreas Sfakianakis - Lecture at CSD ...Andreas Sfakianakis
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119APNIC
 
Summary IGF 2013 Bali - English (tata kelola internet / internet governance)
Summary  IGF 2013 Bali - English (tata kelola internet / internet governance)Summary  IGF 2013 Bali - English (tata kelola internet / internet governance)
Summary IGF 2013 Bali - English (tata kelola internet / internet governance)ICT Watch - Indonesia
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119APNIC
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
 
办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...
办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...
办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...vmzoxnx5
 
Tari Eason Warriors Come Out To Play T Shirts
Tari Eason Warriors Come Out To Play T ShirtsTari Eason Warriors Come Out To Play T Shirts
Tari Eason Warriors Come Out To Play T Shirtsrahman018755
 
Power of Social Media for E-commerce.pdf
Power of Social Media for E-commerce.pdfPower of Social Media for E-commerce.pdf
Power of Social Media for E-commerce.pdfrajats19920
 

Kürzlich hochgeladen (13)

Summary ID-IGF 2016 National Dialogue - English (tata kelola internet / int...
Summary  ID-IGF 2016 National Dialogue  - English (tata kelola internet / int...Summary  ID-IGF 2016 National Dialogue  - English (tata kelola internet / int...
Summary ID-IGF 2016 National Dialogue - English (tata kelola internet / int...
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
 
2024_hackersuli_mobil_ios_android ______
2024_hackersuli_mobil_ios_android ______2024_hackersuli_mobil_ios_android ______
2024_hackersuli_mobil_ios_android ______
 
Basic Security.pptx is a awsome PPT on your mobiel
Basic Security.pptx is a awsome PPT on your mobielBasic Security.pptx is a awsome PPT on your mobiel
Basic Security.pptx is a awsome PPT on your mobiel
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
 
Cyber Shield Up - They Shall Not Pass - Andreas Sfakianakis - Lecture at CSD ...
Cyber Shield Up - They Shall Not Pass - Andreas Sfakianakis - Lecture at CSD ...Cyber Shield Up - They Shall Not Pass - Andreas Sfakianakis - Lecture at CSD ...
Cyber Shield Up - They Shall Not Pass - Andreas Sfakianakis - Lecture at CSD ...
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
 
Summary IGF 2013 Bali - English (tata kelola internet / internet governance)
Summary  IGF 2013 Bali - English (tata kelola internet / internet governance)Summary  IGF 2013 Bali - English (tata kelola internet / internet governance)
Summary IGF 2013 Bali - English (tata kelola internet / internet governance)
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
 
办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...
办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...
办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...
 
Tari Eason Warriors Come Out To Play T Shirts
Tari Eason Warriors Come Out To Play T ShirtsTari Eason Warriors Come Out To Play T Shirts
Tari Eason Warriors Come Out To Play T Shirts
 
Power of Social Media for E-commerce.pdf
Power of Social Media for E-commerce.pdfPower of Social Media for E-commerce.pdf
Power of Social Media for E-commerce.pdf
 

INAIL e la cultura cybersecurity: Sonatype Advanced Development Pack

  • 2. 2015 Putting Power Into the Hands of the Developers 2020 2025 DevelopmentSecurity 10% 20% 30% 40% 50% The Market Shift 90% 80% 70% 60% We were historically successful selling here. We are highly differentiated in this market. Security acts as a gate for code deployment. Empower the developers. Integrated and automated end-to-end quality. (They have been historically ineffective at truly integrating into development.) 100% ~60% ~40% ~80% ~20%
  • 3. Making Developer’s Lives Easier CHOOSE THE BEST COMPONENTS Smarter component selection with our new Exemplar ratings for OSS projects. AVOID SUSPICIOUS PACKAGES Decrease the risk of a security breach or defective code by blocking potentially malicious and harmful OSS releases from entering production environments. KNOW WHAT WILL BREAK Fewer breaking changes and policy violations with simple OSS upgrades and insight into level of effort between version migrations. FIX DEPENDENCIES FASTER Improved dependency management with single click upgrades and guidance on when to upgrade a dependency and why.
  • 4. Less rework and maintenance due to higher-quality “pool” of components and contextual understanding of what fits organizational requirements. Improved Project Quality with early warning of suspicious behavior in code and access to components from the best suppliers. Increased Bandwidth and Time to Innovate due to reduction in time spent researching quality OSS components. Decreased “Level of Effort” when upgrading to the next best OSS component with our recommendations and single click migrations. Benefits
  • 6. Capability Overview Transitive SolverBreaking ChangesComponent Chooser Gives a recommended version for the direct dependency which also resolves the transitive dependency without violating policy or breaking builds. Provides teams with data on “what” will break & how much effort it’ll take to upgrade between current & newer versions. Release Integrity Enhances Nexus Firewall’s capabilities to automatically detect & block suspicious and potentially malicious OSS components before they enter the development environment. Fix Faster We’ll suggest the best ways to resolve problems more effectively when they come up. Enables development teams select the highest-quality OSS components for their projects. They can search and compare components based on hygiene ratings (exemplar, laggard, neutral), view additional component insights, and see what’s already being used/approved within their organization. Develop Seamlessly Make better decisions about components being used in the applications.
  • 7. Ratings include: ● Exemplar ● Neutral ● Laggard Select the best quality components based on component cleanliness, committer behavior, etc. Easily compare the viability of different components based on their rating. Showing You Only the Best OSS Components Health & Hygiene Data
  • 8. Early warning and identification of next-gen software supply chain attacks (currently npm only). Avoid threats like typosquatting and malicious code injection. Component risk score to assess level of risk you could take on by choosing that component. Release Integrity with Firewall. Release Integrity
  • 9. Breaking Changes Intelligence Prioritize component upgrades by development effort. Pinpoint simple upgrades and assess upgrade challenges. Quickly find the best version upgrade without “breaking” the project.
  • 10. Transitive Solver Comprehensive view into your open source risk profile. Easily solve for direct and transitive dependency violations without failing builds or violating policies. One-click remediation and improved prioritization.
  • 11.
  • 13. 2015 Dev Sponsor: ~10% Security Sponsor: ~90% Dev Sponsor: ~40% Security Sponsor: ~60% Dev Sponsor: ~80% Security Sponsor: ~20% Putting Power Into the Hands of the Developers 2020 2025 DevelopmentSecurity 10% 20% 30% 40% 50% 100% 90% 80% 70% 60%
  • 14. The Market Shift Security acts as a gate for code deployment. Empower the developers. Integrated and automated end-to-end quality. We were historically successful selling here. We are highly differentiated in this market. (They have been historically ineffective at truly integrating into development.)
  • 15. What Makes a Project Exemplary? Constructing the Data Set Small Exemplar Small development teams (1.6 devs), exemplary MTTU, likely to be commercially supported and 4.3x more popular. Large Exemplar Large development teams (8.3 devs), exemplary MTTU, likely to be foundation supported, 2.5x more popular. Laggard Poor MTTU, high stale dependency count, more likely to be commercially supported. Features First Frequent releases, but poor TTU. Still reasonably popular. Cautious Good TTU, but seldom completely up to date.