This article was originally posted on Medium.
ActiveState recently launched the first feature of our new SaaS Platform: Python Runtime Security. In this 4-part Q&A blog series, ActiveState Chief Technology Officer and VP of Engineering, Scott Robertson, introduces the revolutionary new Platform for open source languages and how it addresses the problems facing enterprises and coders.
ActiveState: Can you provide a bird’s-eye view of what the Platform is?
Scott: The Platform is our attempt to eliminate every challenge to developing software that isn’t directly related to code. Whenever a developer sets up to build an app or create a project, there’s a whole bunch of minutiae they go through just to get to the point where they can actually start coding a project - everything from figuring out what dependencies need to be installed, setting up your language, getting your tooling in place. And there’s all these things you tend to forget as a developer when you start working. It can take me three hours to get ready just to start a project.
We’re realizing that a lot of the problems that originate later on in the software development lifecycle happen because of the choices that were made earlier on - particularly ones that developers tend to rush through because they want to get on to the "fun stuff". And so our thought is, if we can build a platform that eliminates all the pains at the beginning of a project and monitors projects throughout the rest of their lives, developers can get to the fun stuff faster and we can make sure things are secure and better-built later on.
ActiveState: What are the benefits later on in production - for DevOps and for DevSecOps?
Scott: You look at a lot of the errors that actually pop up further right in the development cycle. They’re because of the choices that were made in the past: What packages do I decide I’m going to run, or use to build my app? What versions are they at? What problems might pop up further on?
For instance, I pick a particular package like OpenSSL which is a dependency that shows up all the time. Whenever that has a security vulnerability in it I need to then address it. A lot of packages I built that are based off of it need to then be rebuilt. And most organizations don’t get around to that because it’s too painful. If we can say without a doubt what’s in production, then we know what needs to be updated and fixed.
ActiveState: Why are you so passionate about this project? You’ve been working on it for a long time. Where does that stem from?
Scott: I like to dabble in a lot of different projects and the more advanced I get in my career the less time I have to dabble in other projects. Sometimes I’ll find a great new open source project and I’ll go check it out. I’ll get started on that project and open up the readme file. And then, four hours later, I’m finally ready to do some actual coding. I’ve followed all the setups but I can’t make any more progress because I’ve run out of time, so that causes frustration. I just want to get to the point where I can help contribute to a project or use it without all the required - seemingly endless - configuration.
ActiveState: This seems like such a common problem. Why hasn't anyone tackled this problem set before?
Scott: It really kind of comes down to two things - especially in the enterprise:
(1) The value of solving challenges for the developer is something that kind of gets overlooked. Companies need to focus on the work that will generate revenue and developers sometimes don’t recognize the severity of this issue. I’ll even point out these issues to our own developers at ActiveState and they’ll say: “No, that’s not an issue.” So then I’ll give them a blank laptop and say: “Go try setting this up from scratch.” Then they’ll come back and say: “Oh, right. It does take a lot of time. I forgot that it took me five hours to get to this point in the first place.”
(2) I think it’s one of those things where ActiveState is uniquely positioned to solve it because of the way our business currently works. We’ve been at build engineering for over 20 years, we’ve seen the struggles our enterprise customers face, we even face them ourselves. And there’s a natural synergy between providing secure and compliant open source languages for the enterprise and going further up into the development lifecycle to solve issues that show up later in the SDLC because of choices made earlier. I don’t know of other organizations that would be positioned to tackle this problem in a way that makes sense.
More to Come
Stay tuned for Part 2 of our Q&A series. Scott outlines his approach to solving three key challenges of the software development lifecycle: creating reproducible builds, managing dependencies and configuring environments. See you next time!