Some might hate me for saying it, but DevOps can sometimes be a bit of a politics game. When you’re working deep in the trenches, it can be difficult to convince upper management on where you should be spending your time in terms of new functionality and never-ending bug fixes.
Yesterday during a RSA 2016 session on rugged DevOps, I learned about a neat web utility from Joshua Corman (@joshcorman), CTO of Sonatype, a company that focuses on software supply chain management. He’s also a great person to follow if you’re looking to learn more about DevOps and security best practices.
This free online calculator helps calculate developmental waste in your projects. Corman described that today’s software development is similar to a supply chain, where software is built with several different components. Sonatype states that the challenge is “knowing which components you are using, where they are used and which ones have security vulnerabilities, license or quality issues.”
To better understand this, you can play around with the calculator to interpret how much technical debt you’re racking up for these security vulnerabilities. It’s common to hear management or clients that demand new functionality, while fixes are put on the backburner. But with this free tool, you at least have some numbers to put things into perspective and engage in a thoughtful discussion on what needs to change. I hope that this tool sparks some valuable discussion where quality, security, and agility can be improved for your products and services.
Stay tuned for more updates from RSA 2016. Feel free to let me know your thoughts about this tool in the article comments or reach out via Twitter (@blair_greenwood).