Watch this talk here: https://vimeo.com/129822165
DevOpsDays Austin Talk.
Computers are hard, and security is even harder. Let's discuss things to do when you have a dedicated Infosec team, and tools you can use when you don't.
19. @petecheslock
It’s time that we recognize that all these new tools which are helping to enable our teams to work so well are also introducing new attack vectors.
20. @petecheslock
risk = (threat) x (probability) x (business impact)
http://sysadvent.blogspot.com/2014/12/day-24-12-days-of-secdevops.html
- Jen Andre
35. @petecheslock
“FWIW, I have most of a sub-key implementation done, but that still won’t solve your problem, as it will be years before that implementation is widely deployed…”
36. @petecheslock
Compile your Source
Build a Package
Sign the Package
Test the Package
Deploy the Package
You can’t hate the curl bash and be OK deploying from GitHub