Trusted Software Supply Chain

Published: 01 Jan 2019, Last Modified: 21 May 2025. Venue: ASE 2019. License: CC BY-SA 4.0.
Abstract: Modern software delivery happens in a geographically distributed environment and resembles a supply chain: it consists of various participants, involves several phases, must adhere to multiple regulations, and must maintain the integrity of artifacts throughout the delivery phases. This shift in software development brings several challenges, ranging from the communication of information and knowledge, the coordination and control of teams, and the adherence of activities to goals and policies, to the quality, visibility, and management of artifacts. As centralized control over software delivery is dispersed to autonomous delivery organizations, the variety of processes and tools in use turns transparency into opacity: autonomous teams use different software processes, tools, and metrics, which leads to ineffective compliance monitoring, friction-prone coordination, and a lack of provenance, and hence of trust. In this paper, we present a delivery governance framework based on distributed ledger technology that uses a notion of `software telemetry' to record data from disparate delivery partners and thereby enables compliance monitoring and adherence, provenance and traceability, transparency, and thus trust.
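The abstract's central mechanism is a ledger on which each delivery partner records telemetry about an artifact, so that any later party can reconstruct the artifact's provenance and check that the delivery followed policy. The block below is an added illustration, not code from the paper: a minimal append-only ledger in which every record is chained to its predecessor by hash and authenticated with a per-partner HMAC key. The partner names, keys, record schema and the deployment policy (a passing test record from a partner other than the builder) are assumptions chosen here for illustration; the paper does not specify them, and a real system would replace the shared HMAC keys with the ledger's own signing and consensus mechanism.

```python
# Added example (not the paper's code): hash-chained, partner-authenticated
# software telemetry ledger. All partner names, keys and policies are assumed.
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed per-partner HMAC keys (stand-in for real partner credentials).
PARTNER_KEYS = {
    "build-team": b"build-secret",
    "qa-team": b"qa-secret",
    "ops-team": b"ops-secret",
}


def canonical(obj) -> bytes:
    """Deterministic JSON encoding so hashes and MACs are reproducible."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


@dataclass
class Record:
    index: int
    prev_hash: str
    partner: str
    phase: str            # e.g. build, test, deploy
    artifact: str         # SHA-256 hex digest of the artifact being described
    data: dict            # partner-specific telemetry payload
    mac: str = ""         # HMAC-SHA256 by the partner over the content below
    entry_hash: str = ""  # SHA-256 over content + mac; next record links to it

    def content(self) -> dict:
        return {"index": self.index, "prev_hash": self.prev_hash,
                "partner": self.partner, "phase": self.phase,
                "artifact": self.artifact, "data": self.data}


class TelemetryLedger:
    GENESIS = "0" * 64

    def __init__(self) -> None:
        self.records: List[Record] = []

    def append(self, partner: str, phase: str, artifact: bytes, data: dict) -> Record:
        prev = self.records[-1].entry_hash if self.records else self.GENESIS
        rec = Record(len(self.records), prev, partner, phase,
                     hashlib.sha256(artifact).hexdigest(), data)
        rec.mac = hmac.new(PARTNER_KEYS[partner], canonical(rec.content()),
                           hashlib.sha256).hexdigest()
        rec.entry_hash = hashlib.sha256(canonical(rec.content()) + rec.mac.encode()).hexdigest()
        self.records.append(rec)
        return rec

    def verify(self) -> Tuple[bool, Optional[int]]:
        """(True, None) if every link and MAC checks out, else (False, first bad index)."""
        prev = self.GENESIS
        for rec in self.records:
            key = PARTNER_KEYS.get(rec.partner)
            if key is None or rec.prev_hash != prev:
                return False, rec.index
            mac = hmac.new(key, canonical(rec.content()), hashlib.sha256).hexdigest()
            if not hmac.compare_digest(mac, rec.mac):
                return False, rec.index   # payload rewritten without the partner's key
            link = hashlib.sha256(canonical(rec.content()) + rec.mac.encode()).hexdigest()
            if link != rec.entry_hash:
                return False, rec.index
            prev = rec.entry_hash
        return True, None

    def provenance(self, artifact: bytes) -> List[Tuple[str, str]]:
        """Ordered (phase, partner) trail recorded for one artifact digest."""
        digest = hashlib.sha256(artifact).hexdigest()
        return [(r.phase, r.partner) for r in self.records if r.artifact == digest]

    def deploy_allowed(self, artifact: bytes) -> bool:
        """Assumed policy: the ledger verifies, and this exact digest carries a
        passing 'test' record from a partner other than the one that built it."""
        if not self.verify()[0]:
            return False
        digest = hashlib.sha256(artifact).hexdigest()
        builders = {r.partner for r in self.records
                    if r.artifact == digest and r.phase == "build"}
        testers = {r.partner for r in self.records
                   if r.artifact == digest and r.phase == "test"
                   and r.data.get("result") == "pass"}
        return bool(builders) and bool(testers - builders)


def demo() -> dict:
    """Constructed walk-through: build, test, deploy, then a tampering attempt."""
    artifact = b"constructed-artifact-v1"
    ledger = TelemetryLedger()
    ledger.append("build-team", "build", artifact, {"commit": "abc123", "tool": "make"})
    ledger.append("qa-team", "test", artifact, {"result": "pass", "suite": "integration"})
    allowed = ledger.deploy_allowed(artifact)
    ledger.append("ops-team", "deploy", artifact, {"env": "prod"})
    before = ledger.verify()
    ledger.records[1].data["result"] = "fail"   # rewrite QA history without the QA key
    after = ledger.verify()
    return {"allowed": allowed, "trail": ledger.provenance(artifact),
            "verify_before": before, "verify_after": after}


if __name__ == "__main__":
    print(demo())
```

The point the walk-through makes is the one the abstract argues for: once every partner's telemetry is chained and authenticated, a downstream partner (ops, an auditor) can establish provenance for the exact artifact digest it is about to deploy and detect after-the-fact edits by anyone who lacks the recording partner's key, without having to trust each team's private tooling or metrics.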