TNS
SUBSCRIBE
Join our community of software engineering leaders and aspirational developers. Always stay in-the-know by getting the most important news and exclusive content delivered fresh to your inbox to learn more about at-scale software development.
REQUIRED
 
It seems that you've previously unsubscribed from our newsletter in the past. Click the button below to open the re-subscribe form in a new tab. When you're done, simply close that tab and continue with this form to complete your subscription.
Welcome and thank you for joining The New Stack community!
Please answer a few simple questions to help us deliver the news and resources you are interested in.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
Great to meet you!
Tell us a bit about your job so we can cover the topics you find most relevant.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
Welcome!

We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.

What’s next?

Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.

Become a TNS follower on LinkedIn.

Check out the latest featured and trending stories while you wait for your first TNS newsletter.

PREV
of
NEXT
VOXPOP
Terraform or Bust?
Has your organization used or evaluated a Terraform alternative since new restrictions were placed on its licensing?
We have used Terraform, but are now piloting or using an open source alternative like OpenTofu.
0%
We never used Terraform, but have recently piloted or used alternatives.
0%
We don't use Terraform and don't plan to use or evaluate alternatives.
0%
We use Terraform and are satisfied with the results
0%
We are waiting to see what IBM will do with Terraform.
0%
 
Cloud Native Ecosystem Containers Edge Computing Microservices Networking Serverless Storage
How Giant Swarm Is Helping to Support the Future of Flux
Apr 22nd 2024 7:59am, by Heather Joslyn
What’s Next for Companies Built on Open Source?
Apr 18th 2024 7:13am, by Heather Joslyn
Your Engineering Organization Is Too Expensive
Apr 17th 2024 11:19am, by Luca Galante
Tetrate Enterprise Gateway for Envoy Graduates
Apr 10th 2024 9:00am, by Steven J. Vaughan-Nichols
The Open Source Market’s in Flux. How Can IT Managers Cope?
Apr 8th 2024 10:57am, by Joe Fay
Kubernetes Gets Back to Scaling with Virtual Clusters
Apr 25th 2024 7:01am, by Alex Williams
What Does WebAssembly Mean for the Server and GenAI?
Apr 23rd 2024 10:03am, by Ryan Wallner
How to Use Low-CVE Chainguard Container Images on Docker Hub
Apr 19th 2024 8:04am, by B. Cameron Gain
Kubernetes vs. YARN for Resource Management: How to Choose
Apr 10th 2024 8:16am, by Jacob Simkovich
Use Podman to Create and Work with Virtual Machines
Apr 6th 2024 6:00am, by Jack Wallen
Ambient AI? Humane's 'Ai Pin' Embarks on a Dream's Long Road
Apr 21st 2024 6:00am, by David Cassel
Chipmakers Putting a Laser Focus on Edge AI
Apr 12th 2024 10:06am, by Jeffrey Burt
The Future of AI: Hybrid Edge Deployments Are Indispensable
Mar 22nd 2024 10:00am, by Luis Ceze
How RapidAI Uses Edge, Kubernetes and AI to Boost Stroke Care
Mar 15th 2024 10:30am, by Charles Humble
Trusted Boot: What to Know About Securing Devices at the Edge
Mar 14th 2024 7:15am, by Ettore di Giacinto
API Design Is Pretty Bad — Here's How to Fix It
Apr 3rd 2024 6:01am, by Lebin Cheng
Will Spotify Open Source its Microservices Framework?
Apr 2nd 2024 7:45am, by Loraine Lawson
Enhancing Business Security and Compliance with Service Mesh
Apr 1st 2024 10:00am, by Ninad Desai
10 Ways Kubernetes Observability Boosts Productivity, Cuts Costs
Mar 27th 2024 6:08am, by Eric Schabell
Evolve Manual and Templated Dockerfiles with Automation
Mar 26th 2024 10:33am, by Rak Siva
Guider Daemon Automates Linux Performance Monitoring
Apr 19th 2024 11:16am, by Joab Jackson
Enhancing Kubernetes Network Security with Microsegmentation
Apr 11th 2024 6:23am, by Dhiraj Sehgal
Tetrate Enterprise Gateway for Envoy Graduates
Apr 10th 2024 9:00am, by Steven J. Vaughan-Nichols
Zero Trust for Legacy Apps: Load Balancer Layer Can Be a Solution
Apr 10th 2024 7:22am, by Prabhat Dixit
How Observability Is Different for Web3 Apps
Mar 15th 2024 12:00pm, by Sarah Morgan
How to Conquer Cold Starts for Better Performance
Apr 25th 2024 9:17am, by Henry Hamid Safi
Meet DBOS: A Database Alternative to Kubernetes 
Mar 12th 2024 4:00am, by Joab Jackson
Pulumi Templates for GenAI Stacks: Pinecone, LangChain First
Feb 21st 2024 9:00am, by Joab Jackson
CNCF CloudEvents: A Li'l Message Envelope That Travels Far
Jan 31st 2024 4:00am, by Joab Jackson
Bringing the AWS Serverless Strategy to Azure
Jan 19th 2024 6:00am, by Rak Siva
Valkey: A Redis Fork With a Future
May 2nd 2024 7:50am, by Alex Williams
How to Get Peak Performance without a Vast Amount of Memory
Apr 9th 2024 10:17am, by Behrad Babaee
From Postgres to ScyllaDB NoSQL, with a 349x Speed Boost 
Apr 1st 2024 11:27am, by Cynthia Dunlop
The Architect’s Guide: A Modern Data Lake Reference Architecture
Mar 26th 2024 9:17am, by Keith Pijanowski
Cloud Data Migration or Cloud Data Tiering?
Mar 25th 2024 10:00am, by Kumar Goswami
AI Large Language Models Frontend Development Software Development API Management Python JavaScript TypeScript WebAssembly Cloud Services Data Security
How Mobile App Quality Can Be Improved With AI
May 2nd 2024 10:05am, by
5 Lessons From LinkedIn’s First Foray Into GenAI Development
May 2nd 2024 3:00am, by
RecurrentGemma: An Open Language Model For Smaller Devices
May 1st 2024 12:30pm, by
API Trends: Platform Engineering, the Unbundling and AI’s Role
May 1st 2024 10:58am, by
3 Reasons Data Engineers Are the Unsung Heroes of GenAI
May 1st 2024 10:00am, by
5 Lessons From LinkedIn’s First Foray Into GenAI Development
May 2nd 2024 3:00am, by
RecurrentGemma: An Open Language Model For Smaller Devices
May 1st 2024 12:30pm, by
Improving LLM Output by Combining RAG and Fine-Tuning
Apr 30th 2024 10:50am, by and
How To Control Access in LLM Data Plus Distributed Authorization
Apr 30th 2024 9:49am, by
WebAssembly, Large Language Models, and Kubernetes Matter
Apr 30th 2024 7:51am, by
Automatically Generate Types for Your PostgreSQL Database
May 1st 2024 7:00am, by
Ryan Dahl: From Node.js and Deno to the ‘Modern’ JSR Registry
May 1st 2024 6:00am, by
Node.js 22 Release Improves Developer Experience
Apr 30th 2024 11:10am, by
How to Stop Duplicate Orders in Web Applications
Apr 29th 2024 10:23am, by
Coding Test for Llama 3: Implementing JSON Persistence
Apr 27th 2024 5:00am, by
How Mobile App Quality Can Be Improved With AI
May 2nd 2024 10:05am, by
Flaw in R Creates Supply Chain Security Risks
May 2nd 2024 7:06am, by
Golang: How To Use the Go Install Command
May 1st 2024 5:00pm, by
Spring Forward: Broadcom's App Advisor Eases Spring Upgrades
May 1st 2024 9:36am, by
Ryan Dahl: From Node.js and Deno to the ‘Modern’ JSR Registry
May 1st 2024 6:00am, by
5 Lessons From LinkedIn’s First Foray Into GenAI Development
May 2nd 2024 3:00am, by
API Trends: Platform Engineering, the Unbundling and AI’s Role
May 1st 2024 10:58am, by
How to Stop Duplicate Orders in Web Applications
Apr 29th 2024 10:23am, by
GraphQL Growth Explodes but so Do Problems Federated Graphs Solve
Apr 26th 2024 9:16am, by
Application Delivery Controllers: A Key to App Modernization
Apr 25th 2024 8:26am, by
What Are Loop Controls in Python and How Do You Use Them?
Apr 26th 2024 4:00am, by
Apache NiFi 2.0.0: Building Python Processors
Apr 25th 2024 1:14pm, by
How to Use Low-CVE Chainguard Container Images on Docker Hub
Apr 19th 2024 8:04am, by
What Are Python 'Sets' and How Do You Use Them?
Apr 17th 2024 6:17am, by
Python Tutorial: Use TensorFlow to Generate Predictive Text
Apr 16th 2024 11:00am, by
Node.js 22 Release Improves Developer Experience
Apr 30th 2024 11:10am, by
Dev News: React 19 Beta and Redwood Tests React Server Components
Apr 27th 2024 4:00am, by
Cancel Asynchronous React App Requests with AbortController
Apr 24th 2024 8:58am, by
How to Simplify Global State Management in React Using Jotai
Apr 24th 2024 7:29am, by
Dev News: Vercel Preps for React 19; New jQuery, pnpm Releases
Apr 20th 2024 4:00am, by
Dev News: React 19 Beta and Redwood Tests React Server Components
Apr 27th 2024 4:00am, by
Dev News: Deno Supports Open Source Repository JSR and an Offline AI
Mar 30th 2024 4:00am, by
Advanced OOP in TypeScript: Interfaces and Abstract Classes
Mar 22nd 2024 10:30am, by
How to Get Advantages of TypeScript in JavaScript
Oct 27th 2023 10:51am, by
Dev News: Udemy's New Docker Program, Plus TypeScript Beta
Oct 7th 2023 5:01am, by
WebAssembly Adoption: It's Complicated, Says CNCF Survey
May 1st 2024 8:28am, by
Node.js 22 Release Improves Developer Experience
Apr 30th 2024 11:10am, by
WebAssembly, Large Language Models, and Kubernetes Matter
Apr 30th 2024 7:51am, by
What Does WebAssembly Mean for the Server and GenAI?
Apr 23rd 2024 10:03am, by
New Wasm Project Brings Web Components to Backend Languages
Apr 18th 2024 9:36am, by
How to Conquer Cold Starts for Better Performance
Apr 25th 2024 9:17am, by
IBM Purchases HashiCorp for Multicloud IT Automation
Apr 24th 2024 3:23pm, by
Why Observability Was Key to Citigroup’s Cloud Native Transition
Apr 19th 2024 10:29am, by
Answers to the 5 Most Common Cloud Cost-Optimization Questions
Apr 17th 2024 7:38am, by
Key Infrastructure Takeaways from Google Cloud Next 2024
Apr 16th 2024 12:00pm, by
Valkey: A Redis Fork With a Future
May 2nd 2024 7:50am, by
3 Reasons Data Engineers Are the Unsung Heroes of GenAI
May 1st 2024 10:00am, by
Automatically Generate Types for Your PostgreSQL Database
May 1st 2024 7:00am, by
Apache Flink Gets Some Observability With Datorios
Apr 30th 2024 1:03pm, by
How To Control Access in LLM Data Plus Distributed Authorization
Apr 30th 2024 9:49am, by
Rethinking Identity and Access for Cloud Native
May 2nd 2024 8:42am, by
Flaw in R Creates Supply Chain Security Risks
May 2nd 2024 7:06am, by
API Trends: Platform Engineering, the Unbundling and AI’s Role
May 1st 2024 10:58am, by
Ryan Dahl: From Node.js and Deno to the ‘Modern’ JSR Registry
May 1st 2024 6:00am, by
How To Control Access in LLM Data Plus Distributed Authorization
Apr 30th 2024 9:49am, by
Platform Engineering Operations CI/CD Tech Careers Tech Culture DevOps Kubernetes Observability Service Mesh
API Trends: Platform Engineering, the Unbundling and AI’s Role
May 1st 2024 10:58am, by Lori Marshall
This Is Why Infra Teams Should Care About Platform Engineering
May 1st 2024 6:30am, by Luca Galante
New Spotify Portal for Backstage Eases Platform Engineering
Apr 30th 2024 11:21am, by Jennifer Riggins
Platform Engineering: What Does 'Good' Look Like?
Apr 30th 2024 6:23am, by Dormain Drewitz
DevEx Success: How Pfizer Scaled to 1,000 Engineers
Apr 29th 2024 6:17am, by Jennifer Riggins
Rethinking Identity and Access for Cloud Native
May 2nd 2024 8:42am, by Matt Moore
Golang: How To Use the Go Install Command
May 1st 2024 5:00pm, by Jack Wallen
This Is Why Infra Teams Should Care About Platform Engineering
May 1st 2024 6:30am, by Luca Galante
Egress Gateway: Assign Stable IPs To Traffic Leaving K8s Clusters
Apr 30th 2024 9:02am, by Dhiraj Sehgal
Platform Engineering: What Does 'Good' Look Like?
Apr 30th 2024 6:23am, by Dormain Drewitz
CI/CD Observability: A Rich New Opportunity for OpenTelemetry
Apr 30th 2024 10:00am, by Giordano Ricci and Dimitris Sotirakis
The Lazy Developer’s Guide to Creating AI Chatbots
Apr 26th 2024 11:21am, by April Cho
Preventing Scope Creep: Guide for Managing Outsourced Teams
Apr 25th 2024 7:57am, by Liz Ryan
Creating an EKS Cluster with No Manual Coding
Apr 19th 2024 8:53am, by Edan Evantal
How an AI Chatbot Can Boost Developer Productivity
Apr 19th 2024 6:27am, by Asmitha Rathis
Dealing With Chaos: A Guide for Leaders Feeling Overwhelmed at Work
May 2nd 2024 10:00am, by Lena Reinhard
3 Reasons Data Engineers Are the Unsung Heroes of GenAI
May 1st 2024 10:00am, by Barr Moses
How to Land a New Dev or IT Job: Advice from HR Professionals
Apr 29th 2024 7:44am, by Jeff James
DevEx Success: How Pfizer Scaled to 1,000 Engineers
Apr 29th 2024 6:17am, by Jennifer Riggins
Preparing for Crunch Times: Tips for Fast-Scaling Companies
Apr 26th 2024 10:00am, by Jack Tam
7 Tips for Fostering Stronger Communication in Outsourced Projects
May 2nd 2024 7:24am, by Liz Ryan
‘Opinionated’? You Should Contribute to The New Stack
Apr 30th 2024 1:19pm, by Heather Joslyn
Happy Birthday! The New Stack Turns 10 and Judy Retires
Apr 29th 2024 8:25am, by Alex Williams
DevEx Success: How Pfizer Scaled to 1,000 Engineers
Apr 29th 2024 6:17am, by Jennifer Riggins
Preparing for Crunch Times: Tips for Fast-Scaling Companies
Apr 26th 2024 10:00am, by Jack Tam
7 Tips for Fostering Stronger Communication in Outsourced Projects
May 2nd 2024 7:24am, by Liz Ryan
Platform Engineering: What Does 'Good' Look Like?
Apr 30th 2024 6:23am, by Dormain Drewitz
DevEx Success: How Pfizer Scaled to 1,000 Engineers
Apr 29th 2024 6:17am, by Jennifer Riggins
Top 10 Tools for Kafka Engineers
Apr 26th 2024 8:02am, by Stéphane Derosiaux
Vulnerabilities Versus Intentionally Malicious Software Components
Apr 24th 2024 6:49am, by Aaron Linskens
Egress Gateway: Assign Stable IPs To Traffic Leaving K8s Clusters
Apr 30th 2024 9:02am, by Dhiraj Sehgal
WebAssembly, Large Language Models, and Kubernetes Matter
Apr 30th 2024 7:51am, by Torsten Volk
Kubernetes Gets Back to Scaling with Virtual Clusters
Apr 25th 2024 7:01am, by Alex Williams
eBPF: Reliable Policy Setting and Enforcement
Apr 24th 2024 4:00am, by B. Cameron Gain
4 Big Developments in WebAssembly
Apr 18th 2024 8:56am, by Matt Butcher
Apache Flink Gets Some Observability With Datorios
Apr 30th 2024 1:03pm, by Joab Jackson
Improving LLM Output by Combining RAG and Fine-Tuning
Apr 30th 2024 10:50am, by Haijie Wu and Junhwi Kim
CI/CD Observability: A Rich New Opportunity for OpenTelemetry
Apr 30th 2024 10:00am, by Giordano Ricci and Dimitris Sotirakis
Linux: Deploy the Netdata Server Performance Monitor
Apr 27th 2024 6:00am, by Jack Wallen
Guider Daemon Automates Linux Performance Monitoring
Apr 19th 2024 11:16am, by Joab Jackson
Enhancing Business Security and Compliance with Service Mesh
Apr 1st 2024 10:00am, by Ninad Desai
Some Linkerd Users Must Pay: Fear and Anger Explained
Feb 28th 2024 9:21am, by B. Cameron Gain
Buoyant Revises Release Model for the Linkerd Service Mesh
Feb 21st 2024 9:30am, by Joab Jackson
Istio Advisor Plus GPT: Expert System Meets AI for Service Mesh
Dec 14th 2023 12:15pm, by Steven J. Vaughan-Nichols
Using JWTs to Authenticate Services Unravels API Gateways
Nov 8th 2023 6:53am, by Christian Posta and Peter Jausovec
Open Source / Security / Tech Culture

How an OSPO Can Help Secure Your Software Supply Chain

An in-house group of open source experts can keep your organization up to date on security patches, license compliance and best practices.
Mar 9th, 2022 9:58am by
Featued image for: How an OSPO Can Help Secure Your Software Supply Chain
Featured image by Alexander Schimmeck via Unsplash.

It’s nearly impossible these days to build software without using open source code. But all that free software carries additional security risks.

Organizations grapple with how best to secure their open source software supply chain. But there’s another problem: Many companies don’t even know how many open source applications they have — or what’s in them.

The worst-case scenarios include debacles like 2021’s Log4j security vulnerability, or what happened with SolarWindsproprietary Orion network monitoring product, which was infected with malware in 2020.

For companies that build and ship software, the best practice is to “ship what you know and know what you ship,” according to Suzanne Ambiel, director of open source marketing and strategy at VMware Tanzu. And that “shipping manifest” applies to open source and proprietary code equally.

“Your customer and user community is trusting that what you are providing to them is good and clean and secure,” she said. “They trust you to have done the hard work, and that you know what’s in your software.”

In order to get a handle on the potential risks involved with using open source, companies need to have a clear understanding of what open source code is used in their environment, stay up to date on patching, and even conduct their own vulnerability scans and assessments if necessary.

An open source program office (OSPO) — a bureau of open source experts within your organization dedicated to overseeing how your company uses, creates and contributes to free software — can help coordinate all these efforts.

An OSPO can help a company get a handle on the open source code it uses and establish visibility into open source projects and tools, said Liz Miller, vice president and principal analyst at Constellation Research.

“Fundamentally, the purpose of an open source program office is to centralize the understanding of dependencies, implementation and utilization of open source code across an enterprise,” Miller said. “There is a significant security benefit to an OSPO.”

What’s In Your Open Source Code?

Today’s software is made up of components from a variety of sources. “It’s never 100% one thing,” said VMware’s Ambiel.

“There’s some code that you have written for the first time, so you obviously know what’s in there. But you may have used some containerized software. And you are going to be reusing some code. And everyone uses open source code.”

Recent studies differ on exactly how much open source code enterprises use, but it’s a lot:

Here’s the scary part: In Synopsys’ analysis, 84% of the codebases had at least one vulnerability. And 91% of the open source components used hadn’t seen any maintenance of the past two years.

Even open source code that has been in circulation for years and has been seen and used by millions can include vulnerabilities lurking layers deep in the code, said Miller.

“The reality of open source is that for the security professional, hearing that a software supply chain is filled with unchecked, unknown and completely invisible open source code is the stuff nightmares are made of,” she said.

That’s why software needs to come with a “bill of materials,” said Ambiel, a complete inventory of all the components that go into a software package, and their versions and license terms.

And there’s a lot happening on that front. An OSPO can help companies stay on top of the latest recommendations, she said.

For example, last May President Biden issued an executive order requiring a software bill of materials (commonly known as an SBOM) from vendors that provide software to the federal government.

Two days later, the Cloud Native Computing Foundation (CNCF) released a best-practices white paper recommending that all vendors provide an SBOM where possible, with clear and direct links to dependencies.

The CNCF white paper also recommended that companies scan their software with software-composition analysis tools to detect vulnerable open source components, and use penetration testing to check for basic security errors or loopholes and resistance to standard attacks.

Companies need to have a clear understanding of what open source code is used in their environment, stay up to date on patching, and even conduct their own vulnerability scans and assessments if necessary. An OSPO can help coordinate those efforts.

And more recently, the Linux Foundation published a report that provides additional insights and recommendations for best practice management of your software supply chain.

With an in-house OSPO in place, the professionals in that office can help educate developers on the best practices for creating SBOMs and also help establish Software Data Package Exchange (SDPX) standards, which is how SBOM information is communicated.

It can also help devs keep abreast of emerging concepts like the new framework for software supply chain integrity, called Supply-Chain Levels for Software Artifacts, or SLSA, introduced by Google in collaboration with OpenSSF in 2021.

Keeping up to date with these best practices is a challenge, said Ambiel. “Being a developer is hard enough, and asking them to take on that challenge pulls them away from the applications or products they’re trying to build.”

An OSPO “can bring in the best practices and apply them in the best way possible, given the company you are and the software development that you do,” Ambiel said.

Protecting Open Source Software from Attack

Attacks on the open source software supply chain increased 650% last year compared to 2020, according to Sonatype‘s state of the software supply chain report, released in September.

And that’s before the Log4J vulnerability came to light, called the most dangerous Java exploit in years by security researchers.

An OSPO can help developers stay abreast of new developments in open source security and build more secure applications, while also staying on top of required updates and patches.

Software is constantly changing, and it’s a constant challenge for companies to keep up with those changes. An OSPO can also help create and maintain connections to open source communities that keep track of the latest changes in software, and these connections can help companies stay on top.

“What’s current today is technical debt tomorrow,” said Ambiel. “It’s a big job. But when it comes to these big ecosystem challenges, that’s where the open source community really shines and can step up.”

Keeping on top of code changes is a problem that everyone has, she said: “No one is excluded. Everybody has to pay attention to this.”

When companies open themselves up to new ideas from beyond their corporate borders, that’s when the best solutions come to bear, she added.

For example, the open source community has been working on supply chain security and compliance for years. The Linux Foundation’s Tern project, which inspects container images, is part of its Automated Compliance Tooling initiative.

“What’s current today is technical debt tomorrow. It’s a big job. But when it comes to these big ecosystem challenges, that’s where the open source community really shines and can step up.”

—Suzanne Ambiel, director of open source marketing and strategy, VMware Tanzu

An OSPO can also tap outside expertise through the OpenSSF, which is working on system solutions and ways to combat increasing attacks like typosquatting and malicious code.

All of this is important because attackers are getting proactive, said David Wheeler, director of open source supply chain security at the Linux Foundation.

They directly inject malware into software source code or installable packages — sometimes, just submitting an update with malware in it and hoping nobody notices, or by stealing a developer’s password.

“Malicious code injection is the kind of attack that most people think about, yet in practice, it’s less common in open source software,” said Wheeler. “Still, it can be devastating when it happens.”

The most common way to replace legitimate code with malicious code is by creating a duplicate package on a different repository. A developer might think they’re loading a trusted package from their in-house repository but load a package with the same name from a different, public repository because it has a later release date.

“Typosquatting is another common attack,” said Wheeler. This is when the malicious package has almost the same name as the real one. “The developer uses the malicious package instead — often because the developer makes a typo.”

OSPOs and Open Source Communities

To guard against these kinds of attacks, Wheeler recommends that companies engage more with open source communities.

Having an OSPO helps companies do just that. Fifty-six percent of participants in the Linux Foundation survey felt that engaging with the developer community was a chief responsibility of an OSPO, and almost 69% said promoting an open source culture in-house was a chief responsibility of an OSPO.

If an open source project is important to a company but the project doesn’t have multiple people reviewing code upgrades, then it might make sense to join the project.

“The costs of doing so are typically far less than trying to independently develop and maintain your own software,” Wheeler said.

He also suggested that companies get involved in the OpenSSF, a consortium of many organizations working on systemic solutions, such as distributing multifactor authentication tokens to software developers.

“Different organizations may choose to resolve these challenges differently,” Wheeler said. “But OSPOs are often well-placed to help.”

TRENDING STORIES
Group Created with Sketch.
SHARE THIS STORY
TRENDING STORIES
TNS owner Insight Partners is an investor in: Pragma.
TRENDING STORIES
TNS DAILY NEWSLETTER Receive a free roundup of the most recent TNS articles in your inbox each day.