Ep122: Securing the Software Supply Chain - How Sonatype Protects Developers in the Age of AI

Chief Product Development Officer Mitchell Johnson discusses how Sonatype protects enterprise developers from malicious open source components while keeping them productive through AI.Topics Include:Sonatype provides software supply chain solutions for enterprises using open source componentsThey serve large enterprises, government agencies, and critical infrastructure providers globallyMain challenge: keeping developers productive while maintaining secure software supply chainsCybercrime and supply chain attacks are massive, growing industries threatening developersAI adoption is happening faster than expected, profoundly changing development workflowsBad actors evolved from waiting for vulnerabilities to creating malicious componentsMalicious open source components specifically target developer and DevOps toolchainsSonatype's security research team uses AI/ML to analyze every open source componentThey can predict and block malicious components before entering customer environmentsAWS partnership helps Sonatype meet customers where they want to do businessPartnership focuses on go-to-market alignment, not just technical integrationAWS sales teams should be treated as extensions of your own sales organizationUnderstanding AWS sales structure and incentives is crucial for successful partnershipsAI development is following same pattern as open source adoption twenty years ago"Shadow AI" parallels the earlier "shadow IT" trend with open source softwareAI speeds up code generation but security review processes haven't kept paceDevelopers need a "Hippocratic Oath" - taking responsibility for AI-generated code outputWithin 24 months, professionals not skilled in AI will struggle to stay relevantSonatype's culture encourages curiosity, experimentation, and accepts failure as part of innovationTheir core mission: help developers focus on innovation, not security choresParticipants:Mitchell Johnson – Chief Product Development Officer, SonatypeFurther Links:Sonatype WebsiteSonatype on AWS MarketplaceSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

There are no comments yet.

Please log in to write the first comment.