With the increasing use of open source software, a well-managed supply chain and a secure software delivery pipeline are essential to business success, according to Nureen D’Souza, leader of Capital One’s Open Source Program Office and a speaker at cdCon 2022.
“It’s important to implement a company-wide culture rooted in security. Developers focus on innovation and value-added features, not software maintenance housework,” said D’Souza.
Capital One made its open-source-first declaration in 2015 as part of a decade of technology transformation. “Today, our modern architecture is available to Capital One to accelerate delivery by leveraging global innovation and a collaborative software-building approach,” says D’Souza.
According to D’Souza, the biggest challenge in managing the software supply chain is keeping up with the ever-growing number of tools, languages, frameworks, and connection methods. Given this complexity, Capital One incorporated standardization, automation, and ecosystem sustainability into the charter of its Open Source Program Office.
According to D’Souza, Capital One has standards for responsibly using, launching, maintaining, and contributing to open source software. These standards give developers guardrails that reinforce proper operation.
“Establishing a well-managed process for security, compliance, privacy and transparency is essential for open source software development,” says D’Souza.
Applications need security to protect them from malicious attackers, and compliance policies to check adherence to controls. Organizations can also protect sensitive information by establishing privacy standards. By making software behavior observable and verifiable, well-managed processes can ensure application health and security through metadata.
D’Souza also emphasizes the importance of automating DevSecOps and shifting security left in the development process. She highlights these principles:
- Policy: Automate policy at the beginning of the development process so that open source software is easy to use.
- Orchestration: Orchestrate the repeatable tasks that maintain your infrastructure, such as version upgrades and new patches.
- Practical insights: Create an application inventory or software bill of materials so that developers know what is in each release build.
- Code Review: Design an automated code review process to improve the quality of your code before it is released.
- Requirements: Automate all functional and non-functional requirements.
“We can mitigate risk by automating different tasks throughout the software delivery pipeline,” said D’Souza.
Open source software brings tremendous value to technology companies by sharing the cost of creating and maintaining core infrastructure. These important, persistent assets require a large number of talented contributors who form a nurturing community.
To maintain this ecosystem, D’Souza said, the company relies on and contributes to projects maintained by foundations. “This is a great way to solve problems all at once,” she said. D’Souza also emphasized the importance of contributing upstream rather than reacting to downstream issues.
The Capital One team has released more than 25 open source projects and made 2,000 contributions to about 100 different projects on which the company depends, working collectively to solve software supply chain problems.
“All this work helps improve the developer experience by allowing engineers to focus on what they are best at,” said D’Souza.
How Capital One is strengthening its software supply chain