I will describe the results from the latest Sonatype State of the Software Supply Chain Report. In this annual research project, we do a deep dive into open-source software security, quality, and usage, examining both the supplier and consumer sides of the open-source ecosystem. I will cover the latest results regarding the primary contributors to open-source risk, how the industry is managing that risk, and best practices for coping with emerging supply chain threats.
Dr. Stephen Magill was the CEO and co-founder of MuseDev and is now VP of Product Innovation at Sonatype. He has spent his career developing tools to help developers identify errors, gauge code quality, and detect security issues. Stephen has led multiple large-scale research initiatives including DARPA projects on privacy, security, and code quality. He also served as research lead for the 2020 and 2021 State of the Software Supply Chain reports. Dr. Magill earned his Ph.D. in CS from Carnegie Mellon University and his BS from the University of Tulsa. He is a member of the University of Tulsa Industry Advisory Board and has served on numerous program committees and funding panels.