3 Reason Why I'm Excited for Red Hat Summit
By Curtis Yanko
2 minute read time
As a long time conference attendee and sometimes speaker I always get especially excited for Red Hat summit. Maybe it's because I have always admired Red Hat the company and have been a fan of many of their technology solutions or maybe it's because I often see a lot of folks I know!
This year though is especially exciting for me because in my new role at Sonatype I help manage our emerging relationship/partnership with Red Hat and we have some exciting things to share. SPOILER ALERT: Be on the lookout for a press release announcing Nexus Repository Manager being recognized as a certified OpenShift solution.
Perhaps most importantly though, I'm excited about our emerging partnership with Red Hat because our two companies have some shared passion for software hygiene. At Sonatype, the leader in software supply chain automation, we are intensely focused on helping our customers to choose, and use, only the best open source components from the best open source projects. A few years ago our CEO, Wayne Jackson, authored a paper entitled, Open Source Needs Help. This was the first quantitative assessment of the software ecosystem that we knew of at the time. In assessing the ecosystem we were focused on mean time to remediate (MTTR) or essentially how long it took projects to fix their know security issues in their projects or one of it's dependencies. The results were illuminating and the summary is as follows. On average projects needed ~300 days to remediate to fix these issues! If we looked at just level 10 defects (as bad as it gets) the average dropped to 224 days. Ok, not very good and why we felt open source needed help. But the real story here was a statistical outlier in JBoss. Their remarkable attention to these issues saw them produce and incredible MTTR of less than 1 week! No one else was even close.
I see Red Hat as a world class supplier of software, quite possibly the most robust stack you could be using at the OS and middleware layers in my opinion. At Sonatype, we feel that if we can help our customer apply that same level of diligence at the application layer then they'll have the most secure and comprehensive solution available. A weakness in any one layer weakens the entire stack so no matter how good Red Hat is, if you deploy an app with the newish struts2 vulnerability on top of it, all is for naught.
Secondly, summit affords me an opportunity to connect with and compare notes with you to better understand your journey to the cloud and containers. In turn, I can share how Nexus is adding value to OpenShift by helping Red Hat 'shift left' and engage more readily with the developer tribe and the LOB's they work for. This is our first year as a sponsor of summit so be sure to visit us at booth #306 to see first hand how our component intelligence platform enable developers, and all stakeholders on the delivery team, to ensure the quality and security of their open source components at any stage in the application development lifecycle. Remember, on average 80% of your application is made up of open source components.
Lastly is simply that I'm a social person and I love large gatherings of people. I look forward to having some fun and casual conversations with you, customers and friends, at our awesome luncheon about containers, clouds and DevSecOps transformations. It's an exciting time to be in IT and I'm excited to be a part of a team that is helping delivery teams to go fast, and be safe. I hope I see you there.
Written by Curtis Yanko
Curtis Yanko is a Sr Principal Architect at Sonatype and a DevOps coach/evangelist. Prior to coming to Sonatype Curtis started the DevOps Center of Enablement at a Fortune 100 insurance company and chaired a Open Source Governance Committee. When he isn’t working with customers and partners on how to build security and governance into modern CI/CD pipelines he can be found raising service dogs or out playing ultimate frisbee during his lunch hour. Curtis is currently working on building strategic technical partnerships to help solve for the rugged devops tool chain.
Explore All Posts by Curtis Yanko