 I work with Sonatype where we have a unique take on automating the software supply chain. And I'm asking you to consider software's next big borrow from traditional manufacturing supply chain management. If you want these slides, please email me in four and a half minutes. Eighty percent of the code in an average application comes from third party components. Twenty-five percent of them contain security and or license risk. Most companies have no way to identify or avoid this risk. Deming said, you must know what to do. These companies don't know what to do. We've got a clear quality problem. And Deming was the father of quality evolution. He started Total Quality Management, which, core to that is supply chain management. Core to supply chain management are three tenets. First being choose fewer and better suppliers. Strive for the shortest list of high quality, fully vetted vendors that you can. From that list of vendors, choose only their best parts. Build quality into your product and it will pay you back throughout its life cycle. Track and monitor what you use and where you use it. In order to maintain quality throughout a product's life cycle, its parts must be tracked and monitored. With the software supply chain, we leverage these same three tenets, only with a software slant and an additional very significant addition, automation. For these principles to be effective in software, they have to keep pace with continuous delivery and must be automated. As we look at our vendors, we need to know more about the groups behind the open source projects. How often do they release, how secure is their code, how popular is their code? Just because it's free doesn't mean it's good. Most components have many versions. Most developers don't pay attention. Newer versions are usually safer. It's easy to find these versions if you look. Pick the best ones first. Don't fix it later. We track our software with a bill of materials showing what's used in each application and the quality. This is only a snapshot in time. We still need to monitor. Over time, new vulnerabilities arise. We need to fix them fast. Automation is absolutely necessary. Manual methods are outdated because they're slow and error prone. They expose you and your customers to risk. Fix that risk by automating. So what's all this about? Why should I really care? The benefits are obvious. It starts with unplanned, unscheduled work. Everyone in DevOps agrees nothing's worse than this. By bringing quality earlier into your process, you eliminate a lot of the waste and the expense of unplanned, unscheduled work. We all know that over time, a defect costs more to fix. By adopting these principles, we eliminate rework or we eliminate technical debt before it becomes technical debt. Ultimately lowering your overall cost of development. Who doesn't want that? The collaborative culture that we strive for in DevOps is supported by supply chain management. Helping developers make better decisions up front fosters that quality first mindset needed for rugged applications. Let's look at an example. The Volt versus the Prius should be used twice, or excuse me, six times as many vendors as Toyota. Well, they still built over half the car themselves. That's twice as much as Toyota. Their supply chain discipline speaks for itself. Toyota owns that market. Now we're back to Deming's quote, only now you know what to do. Dive into these principles, make them your own. If anyone's still doubting, here's another Deming quote. Change is not necessary. Survival is not mandatory. I'm not trying to be coy about this, but I am trying to say, learn more about managing your software supply chain. Email me if you'd like these slides. If you'd like to talk more, catch me after this. Thank you.