HOT TOPIC 2: After taking a decision to establish DevSecOps mindset at an organisation, what key skills and experience (cultural as well as technical) should I look for in a first hire?
HOT TOPIC 3: Incorporating traditional Security Operations Centre (SOC) function into DevOps/DevSecOps?
The talk will be about …. Shifting left significantly reduces costs and diminishes release delays. Continuous security validation should be added at each step from development through production to help ensure the application is always secure. I’ll be focusing on work done with Pride in London (a project using Gatsby2, Contentful and Netlify) and showing you how to create a secure CI/CD pipeline. You’ll learn how GitHub Marketplace helped the team automate and improve our workflow with different tools for accessibility, code coverage, code review, code quality, security and other functionalities. You’ll also find out what OWASP is and how to improve the workflow for your own open source projects using GitHub Marketplace applications.
HOT TOPIC 4: Supply Chain Security: Should the approach be the same for COTS vs developed business applications … is one more “DevSecOps related” than the other?
This talk will be about…whether we have an obligation to ship secure code. Customers, and even users of free products, share their data with companies on the assumption that those companies will make a good faith effort to protect them. But what about our obligations as individual developers? Can we rely on QA or pen testers, if we’re in a larger organisation? What if we’re individual indie devs, what then?
1230 – Vendor (Sonatype)
1330 – Community Speaker 2 (Glenn Wilson)
1430 – Refreshments & Network
1500 – Vendor (Checkmarx)
1600 – Vendor (Contrast)
1730 – Food & Network
1800 – Community Speaker 1 (Dr. Helen Thackray)
1900 – Vendor (AquaSec)
2000 – Community Speaker 3 (Chris Rutter)
Software is no longer delivered on a CD-ROM with occasional updates. Software delivery has become a continuous process for SaaS, mobile and desktop apps, with technology suppliers woven in. Open source, service provider APIs, and of course cloud are all part of that delivery and are changing continuously. What value is a point-in-time assessment in understanding the risk accepted by the enterprise or software users? Software assessments must become continuous and process based. There is also a need to balance the transparency desired by software users with the needs of vendors to be effective in software delivery and maintenance. We need continuous assessment with the right level of transparency to keep up with our rapidly changing and deeply nested software supply chains.
This talk is about maturing a security programme in an organisation’s DevOps/DevSecOps transformation. We will discuss how maturity models can be used to help organisations achieve systematic improvements in any DevSecOps programme.