
I am not a supplier (2022)


For the past few years, we have seen a lot of discussion around the concept of the Software Supply Chain. These discussions started around the time of the LeftPad incident and escalated with multiple incidents since then. The problem with all the work in this domain is that it forgets a fundamental point.

A modern software project will probably have hundreds if not thousands of these dependencies, from OpenSSL to a test framework or a datepicker, across a wide spectrum covering things like a JSON encoder/decoder library or even the libc of the OS it is deployed on. Inside this model we find tools that help manage it, like a Software Bill Of Materials (SBOM), which is supposed to record which libraries a project uses, where they were obtained, which version, some hash of the content, etc. A version of this problem appeared early in the work to deliver the Covid-19 vaccine, when supply chain specialists realised they would need far more glass vials than could be produced worldwide in a year.
