Value Chain Maps For Open Source Ecosystems
Verizon | May 10th 2018
by C.A. Corriere | @cacorriere
About Me
Sociotechnological Mathematician at Large
Senior Advocate, In tech for 20+ years
Organizer for devopsdays Atlanta
Organizer for devOps ATL Meetup
Organizer for Map Camp (London)
KEY TAKEAWAYS
● Augment humans with tech instead of replacing them.
● Spend time together. Communicate. Build Trust.
● Work in diverse teams with mutual goals.
● Minimize your threat surface.
WARNING
Watch for Dropping Knowledge.
Take notes.
Look stuff up later.
Try to have fun!
TODAY'S AGENDA
● Act 1: Intro to devOps, Game Theory & Mapping
● Act 2: Security in OSS Ecosystems
● Act 3: What We Can Do
ACT 1 Intro to devOps, Game Theory & Mapping
The Three Ways of DevOps
"The Phoenix Project" by Gene Kim
The Three Ways of DevOps
"Continuous Delivery" by Jez Humble
The Three Ways of DevOps
"Designing Delivery" by Jeff Sussna
devOps Defined.
Inclusion
Complexity
Empathy
Culture
Automation
Lean/Learning
Measurement
Sharing
What's Cooler than Being Cool?
ICE CALMS!!!
The sec in devSecOps means the security folks are explicitly invited to the table.
The Dilemma is that the invitation isn't implied.
devOps means us, you, & them.
Stag Hunt is a cooperative Nash Game
Not deductive, not inductive, but abductive logic.
What's most likely to happen?
Trinary Nash Equilibria
DevSecOps.png (ht/ @petecheslock)
We often seek simple, linear, causal relationships (OWASP Top 10) despite being centered in a complex domain (ASVS).
Cynefin Ontological Sensemaking Framework by Dave Snowden
Some Bad News about Fat-Tailed Distributions
By Skbkekas - Own work, CC BY 3.0, https://commons.wikimedia.org/w/index.php?curid=9649146
Thomas Thwaites & his Toaster Project
Traditional Value Chain for a technical need
Simon Wardley, Kaimar Karu, & me at Lean Agile Scotland 2017
Wardley Map of a technical need
Wardley Map of developer feedback
ACT 2 Security in OSS Ecosystems
"If a malicious actor would have scanned and discovered these issues before Skovoroda, the attacker could have gained direct "publish access" to 66,876 npm packages, representing nearly 13% of the entire JavaScript npm ecosystem."
"While Skovoroda discovered credentials that granted him direct publish access to only 13% of npm packages, through dependencies, an attacker would have been able to spread his malicious code to about 52% of the entire npm ecosystem."
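The quoted figures separate two numbers: packages an attacker could publish to directly, and packages that would pull the tampered code in through their dependencies. The following added example (mine, not from the talk or the research it quotes) measures that second, larger number as the reverse-dependency closure of the directly affected set, over a constructed sample registry with made-up package names.

```python
from collections import deque

# Constructed sample registry (not real npm packages): package -> direct deps.
SAMPLE_REGISTRY = {
    "left-pad-ish": [],
    "colors-ish": [],
    "http-client-ish": ["left-pad-ish"],
    "logger-ish": ["colors-ish"],
    "web-framework-ish": ["http-client-ish", "logger-ish"],
    "cli-tool-ish": ["colors-ish"],
    "unrelated-lib": [],
    "app-one": ["web-framework-ish"],
}


def reverse_dependencies(registry):
    """Invert the graph: package -> set of packages depending on it directly."""
    dependents = {name: set() for name in registry}
    for name, deps in registry.items():
        for dep in deps:
            dependents.setdefault(dep, set()).add(name)
    return dependents


def blast_radius(registry, compromised):
    """Packages compromised directly or through any dependency chain,
    found by breadth-first search over the reverse-dependency graph."""
    dependents = reverse_dependencies(registry)
    reached = set(compromised)
    queue = deque(compromised)
    while queue:
        for parent in dependents.get(queue.popleft(), ()):
            if parent not in reached:
                reached.add(parent)
                queue.append(parent)
    return reached


def exposure(registry, compromised):
    """(direct fraction, transitive fraction) of the registry at risk."""
    total = len(registry)
    return (len(set(compromised)) / total,
            len(blast_radius(registry, compromised)) / total)


if __name__ == "__main__":
    direct, transitive = exposure(SAMPLE_REGISTRY, ["left-pad-ish", "colors-ish"])
    print(f"direct: {direct:.0%}, via dependencies: {transitive:.0%}")
```

On the sample graph, publish access to just two leaf packages reaches seven of the eight packages once dependents are followed, which is the same shape as the 13% versus 52% gap in the quote.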
ACT 3 What We Can Do
Sociotechnical systems depend on 9 Fundamental Human Needs
9 needs x 4 existential categories = 36 cell matrix
Here's just the 1st row...
| Need        | Being (qualities)              | Having (things)            | Doing (actions)         | Interacting (settings)     |
|-------------|--------------------------------|----------------------------|-------------------------|----------------------------|
| Subsistence | physically & mentally healthy  | food, shelter, employment  | eat, drink, sleep, work | home, place of employment  |
ERG Theory by Clayton Alderfer
Fundamental Human Needs & ERG Theory have replaced Maslow's Hierarchy
Don’t separate people with automation. Connect them.
Eric Trist & K. Bamforth (1951). Some social and psychological consequences of the longwall method of coal getting
collaborative room & pillar team
Longwall fell into competition & amensalism
longwall filler
KEY TAKEAWAYS
● Augment humans with tech instead of replacing them.
● Spend time together. Communicate. Build Trust.
● Work in diverse teams with mutual goals.
● Minimize your threat surface.
Start with a Map
Automate as much as possible so you can respond with agility!!!
Diversity Mitigates Risk
● Tools
● Perspectives
● People
Thanks!
Chris Corriere
Sociotechnological Mathematician @ Large.
@cacorriere