Opinions

Software Supply Chain: Security, Efficiency, And Climate Change


In the wake of COP26 many decision-makers will be rethinking their business processes to be a bigger part of the solution, and a smaller part of the problem of human-made climate change.

Whilst humanity’s technologies have caused our global challenges, even more innovative technologies will be part of the solution. More efficient technology has a huge part to play in reducing resource consumption and depletion, and impacts on climate change. Additionally, it’s just good business sense to make better and more efficient services fitted for the modern technology stack, consumer and enterprise expectations, and to the business budget over the long term.

The answers are straightforward, but the execution requires skilled and focussed developers collaborating across teams and organisations.

  • The world needs carbon efficient applications better using resources.
  • We need data centres and cloud delivery to be efficient as well as effective.
  • Businesses want to ship quality, efficient code and services fast, so they must better understand the design, build, and collaboration process of continuous integration/continuous delivery.

There is much talk of making the supply chain more sustainable, but less understanding that the supply chain problem applies to software, too. It includes anything that impacts an application from development through production. In modern software development, very little of an application is built by in-house engineers writing custom code. Rather, apps are stitched together by combining pre-existing code libraries collected from across the internet: a supply chain of code.

This plug-and-play model is widely used across the globe. That’s why it’s no surprise that in the past year alone, modern software supply chain attacks have increased by 650%. The most common type of attack? “Dependency confusion” - when an automated software development tool updates the dependencies it relies on and the software installer is duped into downloading a malicious package from a public repository instead of the intended one. Dependencies allow engineers to move fast, but very few people stop to think about whether their dependencies are secure.
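The check below is an added example, not code from the article or from CircleCI. It shows the kind of lockfile audit a team can run in CI to catch the dependency-confusion case described above: an internal-only package name that the installer resolved from a public registry rather than the private one. The package names, the private registry hostname and the lockfile excerpt are all constructed for the example.

```python
from urllib.parse import urlparse

# Assumption: these packages are published only to the organisation's private
# registry, so resolving them from anywhere else is a confusion signal.
INTERNAL_PACKAGES = {"acme-billing-core", "acme-auth-client"}

# Assumed hostname of the private registry.
PRIVATE_REGISTRY_HOST = "registry.internal.example"

# Constructed lockfile excerpt: package name -> URL the installer resolved it from.
# The second entry is the bad case: an internal name served by the public registry.
LOCKFILE = {
    "acme-billing-core": "https://registry.internal.example/acme-billing-core/-/acme-billing-core-2.1.0.tgz",
    "acme-auth-client": "https://registry.npmjs.org/acme-auth-client/-/acme-auth-client-9.9.9.tgz",
    "left-pad": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
}


def find_confused_dependencies(lockfile, internal_packages, private_host):
    """Return (name, host) for every internal-named package whose resolved URL
    points at a host other than the private registry."""
    findings = []
    for name, url in lockfile.items():
        if name not in internal_packages:
            continue  # third-party packages are expected to come from public registries
        host = (urlparse(url).hostname or "").lower()
        if host != private_host.lower():
            findings.append((name, host))
    return findings


def missing_internal_packages(lockfile, internal_packages):
    """Internal packages absent from the lockfile cannot be checked at all;
    report them so the pipeline fails closed rather than silently passing."""
    return sorted(internal_packages - set(lockfile))


if __name__ == "__main__":
    for name, host in find_confused_dependencies(LOCKFILE, INTERNAL_PACKAGES, PRIVATE_REGISTRY_HOST):
        print(f"dependency confusion risk: {name} resolved from {host}")
    for name in missing_internal_packages(LOCKFILE, INTERNAL_PACKAGES):
        print(f"unverifiable: internal package {name} not present in lockfile")
```

In a real pipeline the lockfile mapping would be parsed from the package manager's lock format, and a non-empty result should fail the build.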

The mountain of dependencies that software teams rely on has become so vast and complex that vulnerabilities like this get missed. Even the most gifted engineers cannot comprehend all of the components and moving parts that go into the products they build, yet they’re still expected to deliver software incredibly fast with no bugs. How can any engineering team, any business, do that without understanding what’s going on under the hood?

At the centre of all this is continuous integration/continuous delivery (CI/CD), the key that unlocks agility for organisations. Business sectors can only power their innovation by automating build, test and delivery processes so teams can ship software faster and more safely - meaning businesses can adapt and overcome challenges faster, whether integrating new suppliers, assisting customers with changing needs, or building climate monitoring and altering technologies.

It’s the way to support better code: more secure, more energy and resource efficient, and able to take on more challenges, some of which will be overcome by technologies not even dreamt of yet.

Rob Zuber is CTO of CircleCI.
