The lowly chevron has been traced back as far as 1800 Before Christ. It keeps automobiles two spaces apart, roofs on houses in France, has a sign of the zodiac (Capricorn) and appeared on the shields of the Spartans. It’s a busy little character.
But I remember chevrons from business school and those lessons about supply chain and the excellence of Japanese manufacturing companies where the stock carried itself in the door seconds before it was required. A picture something like below must haunt all business graduates, like the ghost of Adam Smith (who incidentally, expressed regret on his death bed that he “hadnt achieved more!”)
My current obsession with the little chevron is to do with the software supply chain.
As we move through this period of digital transformation we see greater demand for software and many more non-technical companies providing software as part of their solution. But it does feel that we (as a business community) are getting excited by the shiny new toys and forgetting the management components of the supply chain. Excuse me for getting a little academic here, but there is a full list of 8 considerations from Lambert and Cooper (2000), but due to an acute aversion to long academic lists, I’m going to pick on 3.
Planning and control – this just screams to me “know your risks”. The text talks about “identifying the supply chain members” and frankly how many companies look at their outsourced software provider as part of their supply chain? Answer: not many enough! Remember the further right you move in the supply chain you move, the greater the “exposure”. Isn’t that right KFC?
Information flow structure – a good supply chain has information flowing in both directions and the critical points are the links between the supply chain members (remember that from business school?) And yet, we accept software delivered in a nice black box, time and time again. (sigh). Ask for a complete software composition analysis and risk assessment.
Culture and attitude – work with people with whom you share principles. If you ask your supply chain for greater clarity and they grumble, maybe it’s time to change software supplier. We need a resilient supply chain who are all bought into our success. Anything else is just absorbing everybody else’s risk!
If you are supplying software, I would encourage you to consider yourself as part of an extended enterprise. You CAN add more value and look thoroughly spectacular to your customers.
But much more importantly, if you are on the receiving end; consider your software supply chain carefully and ask more questions. We recommend processes which conform with the Linux Foundation’s OpenChain Definition
and software composition analysis tools to help customers understand:
· the software components in use
· any known security, operational and licensing risks.
What have you got to lose?
Well, in 2013, Mossack Fonseca lost 11.5m files (2.6 terabytes) from their database, resulting in the Panama Papers scandal which implicated world leaders and, unbelievably, that angelic of organisations UEFA. According to Wired, the all-exposing hack was through a portal running on Drupal which was not updated for 3 years.
The chevron of blame may point to another organisation in the supply chain, but the shame resides with the law firm who provided a "secure online account" allowing customers to access "corporate information anywhere and everywhere". Adam Smith would be turning in his grave!
References:
Chevron - https://en.wikipedia.org/wiki/Chevron_(insignia)
Chevron - https://www.merriam-webster.com/dictionary/chevron
Martha C. Cooper, Douglas M. Lambert and Janus D. Pagh, "Supply Chain Management: More Than a New Name for Logistics," The International Journal of Logistics Management, Vol. 8, No. 1, 1997, pp. 1-14; Douglas M. Lambert, Martha C. Cooper and Janus D. Pagh, "Supply Chain Management: Implementation Issues
http://www.wired.co.uk/article/panama-papers-mossack-fonseca-website-security-problems