Ep122: Securing the Software Supply Chain - How Sonatype Protects Developers in the Age of AI
Episode 122

AWS for Software Companies Podcast · Nate Goyer

July 23, 2025 · 19m 54s

Show Notes

Chief Product Development Officer Mitchell Johnson discusses how Sonatype protects enterprise developers from malicious open source components while keeping them productive through AI.

Topics Include:

  • Sonatype provides software supply chain solutions for enterprises using open source components
  • They serve large enterprises, government agencies, and critical infrastructure providers globally
  • Main challenge: keeping developers productive while maintaining secure software supply chains
  • Cybercrime and supply chain attacks are massive, growing industries threatening developers
  • AI adoption is happening faster than expected, profoundly changing development workflows
  • Bad actors evolved from waiting for vulnerabilities to creating malicious components
  • Malicious open source components specifically target developer and DevOps toolchains
  • Sonatype's security research team uses AI/ML to analyze every open source component
  • They can predict and block malicious components before they enter customer environments
  • AWS partnership helps Sonatype meet customers where they want to do business
  • Partnership focuses on go-to-market alignment, not just technical integration
  • AWS sales teams should be treated as extensions of your own sales organization
  • Understanding AWS sales structure and incentives is crucial for successful partnerships
  • AI development is following the same pattern as open source adoption twenty years ago
  • "Shadow AI" parallels the earlier "shadow IT" trend with open source software
  • AI speeds up code generation but security review processes haven't kept pace
  • Developers need a "Hippocratic Oath" - taking responsibility for AI-generated code output
  • Within 24 months, professionals not skilled in AI will struggle to stay relevant
  • Sonatype's culture encourages curiosity, experimentation, and accepts failure as part of innovation
  • Their core mission: help developers focus on innovation, not security chores


Further Links:


See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Topics

cloud computing providers, aws, Amazon.com, cloud services, Amazon, cloud computing, cloud service, AI, #AWSforSoftware, Generative AI, Agentic AI