Modern software is increasingly complex, made up of hundreds or thousands of open source components, hidden away in deeply-nested dependency trees. Just how much do we know about these open source components that are an integral part of our products? What are the risks associated with their usage, and our exposure? As an industry, our solution is to build up a robust defense against these perils. Security scans, licence checkers - these help create a walled-garden, but ultimately harms the wider open source ecosystem. In this talk Colin will take a deep dive into a popular open source software product, scrutinising its dependencies and software supply chain. We’ll look at where this code comes from, who authored it and how it is distributed. A key factor contributing to the 2008 financial crisis was our hidden and unwitting exposure to the failing subprime mortgage market. In the recovery from the crash, it took a concentrated effort to identify and unpick the layers of abstraction that hid this exposure. There are certainly parallels to be drawn with the complexity and exposure with open source software. And much like the financial crash, there is no simple solution!
I am CTO at Scott Logic and am a prolific technical author, blogger and speaker on a range of technologies.
My blog includes posts on a wide range of topics, including WebAssembly, HTML5 / JavaScript and data visualisation with D3 and d3fc. You'll also find a whole host of posts about previous technology interests including iOS, Swift, WPF and Silverlight.
I'm board member of FINOS, which is encouraging open source collaboration in the financial sector. I'm also very active on GitHub, contributing to a number of different projects.