Excellent article! Understanding the historical progression of software/systems architecture through virtual machines, cloud computing, Docker, and Kubernetes is crucial in understanding today's multi-cloud environment.
Until companies from IaaS providers to software development (db or application) houses really come to grips with supply chain risk management and full asset inventories that can be ingested and interrogated with open standards-based tools...security has a long way to go. Push a vendor to truly meet NIST 800-53 Rev 5 SR family of controls and watch their legal and IP stewards go apoplectic.
You're absolutely right, software supply chain security/SBOM and federal standards compliance are way too hard and too fragmented these days. I only see it getting harder in a world of modernized micro (nano?) services. Lots of opportunity for enterprising startups in this space to make it more do-able.
Excellent article! Understanding the historical progression of software/systems architecture through virtual machines, cloud computing, Docker, and Kubernetes is crucial in understanding today's multi-cloud environment.
Thanks Thanos - appreciate the review!
Until companies from IaaS providers to software development (db or application) houses really come to grips with supply chain risk management and full asset inventories that can be ingested and interrogated with open standards-based tools...security has a long way to go. Push a vendor to truly meet NIST 800-53 Rev 5 SR family of controls and watch their legal and IP stewards go apoplectic.
You're absolutely right, software supply chain security/SBOM and federal standards compliance are way too hard and too fragmented these days. I only see it getting harder in a world of modernized micro (nano?) services. Lots of opportunity for enterprising startups in this space to make it more do-able.