Modern software is increasingly complex, made up of hundreds or thousands of open source components hidden away in deeply nested dependency trees. Just how much do we know about these components that are an integral part of our products? What are the risks associated with using them, and what is our exposure?
In this talk, Colin takes a closer look at the make-up of modern software supply chains. He examines where this code comes from, who authored it and how it is distributed, ultimately asking the question, “Is this sustainable?”
This problem is growing; to solve it, we need a reset in how we view this precious and fragile asset. Grass-roots activism can only go so far; to really make a difference, large corporations need to wake up to their responsibility and make genuine commitments.