Thoughtworks, a global technology consultancy that integrates strategy, design and engineering to drive digital innovation, today released Volume 26 of the Technology Radar, a biannual report informed by Thoughtworks’ observations, conversations and frontline experience solving its clients’ toughest business challenges.
While the concept of securing the software supply chain has been around for a few years, one of the report's major themes is that businesses now have practical steps to follow on the path to highly secure software, in production and beyond.
In May 2021, the U.S. White House published its Executive Order on Improving the Nation’s Cybersecurity. One section addresses enhancing software supply chain security. Realizing it’s no longer sufficient to only write secure code, businesses are now expanding their understanding of the security risks throughout the entire software supply chain and investing in more responsible engineering practices, including validating and governing project dependencies. Checklists and standards such as Supply-chain Levels for Software Artifacts (SLSA) are new entries in this edition of the Radar, demonstrating that pragmatic tools now exist to take the handling of this issue beyond the theoretical.
“A confluence of events — whether public instances of severe, brand-impacting breaches or government mandates — has increased the emphasis businesses are placing on understanding the complexity and the breadth of the ecosystem involved in the software supply chain. While many organizations focus on systems in production, it is just as critical to place the same strong level of controls on testing, sandbox and cloud environments. While it’s a daunting proposition, there are now concrete tools and engineering practices to help businesses manage and automate supply chain security as they work to keep their systems highly secure,” said Dr. Rebecca Parsons, chief technology officer at Thoughtworks.
“The Thoughtworks Romanian team managed to place our country on the global map of technology, contributing 10 blips to the latest volume of the Technology Radar. These include CDKTF, The Composable Architecture and Android Gradle plugin – Kotlin DSL, focused on mobile application development and software infrastructure. The blip related to SBOM (Software Bill of Materials) is a formal list detailing how the tools, frames and other components used in software development are interconnected.
For me, since the Jetpack bookstore suite was launched, it has become a pleasure to work with certain components that were previously harder to reach or even unavailable.
The Thoughtworks Romania team has been guided for the last 17 years by the most fervent supporter of the Tech Radar report, Răzvan Lazăr, Head of Technology, whose involvement, dedication and exemplary professionalism have played an essential role in including the blips proposed by us in the report,” said Mihai Petrescu, Principal Mobile Consultant, Thoughtworks Romania.
The highlighted themes in Technology Radar Vol. 26 are:
- Software supply chain innovations: Hackers are increasingly taking advantage of the asymmetrical nature of offense and defense in the security arena — they only need to find one vulnerability, whereas defenders must secure the entire attack surface — while employing increasingly sophisticated hacking techniques. Improved supply chain security is a critical piece of the response as businesses work to keep systems secure.
- The bizarre bazaar: the changing economics of open-source software. Open-source software improves developer agility and crowdsources both bug fixes and innovation. The many different approaches to commercialization of and support for open-source software demonstrate the immense economic complexity of the current ecosystem.
- Why do developers keep implementing state management in React?: Typically after a foundational framework becomes popular, it’s followed by a raft of tools creating an ecosystem for improvements and enhancements and ends with consolidation around a few popular tools. However, React state management seems resistant to this common tendency.
- The neverending quest for the master data catalog: The desire to get more value out of corporate data assets continues to drive investment. A renewed interest in corporate data catalogs is leading to a surge of clever new tools with expanding feature sets that address governance, quality management and publishing. In contrast to this trend, there is also a growing movement away from centralized, top-down data management and toward federated governance and discovery based on a data mesh architecture.