Navigating agile automotive software development

•Download as PPTX, PDF•

1 like•592 views

With many automotive organizations transforming development efforts towards agile methodologies, the need to redefine and establish security, safety, and quality standards and testing methods is more important than ever. How do we fit safety and security planning and tools into the adaptive development and rapid delivery practices of agile teams? In this second one-hour webinar you'll learn how to: - Integrate security and compliance testing with agile development - Provide context for fast triage and remediation - Create policies for code management in integrated testing environments

Software

Agenda
• A holistic approach to cybersecurity
• Blending DevOps and Agile for security
• How to implement a Jenkins CI system
• Examples of security defects
• Q&A
3© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED

A holistic approach to cybersecurity
© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 5
Information overload
Develop an adaptive threat
model
Threat
Model
External
Data
Internal
Threat
Metric
Action

© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 6
Threat model
Most breaches result from input trust issues
Threat modeling identifies, quantifies, and addresses
security risks by:
1. Understanding the application & environment
2. Identifying & prioritizing threats
3. Determining mitigation actions
Identify
assets
System
overview
Decompose
application
Identify
threats
Prioritize
threats

© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 7
Security overload
News
Blogs, social media
conferences
Security standards
OWASP, CWE, CERT, etc.
Senator Markey report
NVD, White Hat, Black Hat OEMs, internal
Media More and more software running inside
your car
Standards and legislation
Research Requirements
Developers don’t know security
(80% failed security knowledge survey)

Developing a threat metric
© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 8
Build score
• Automated and functional testing can give you a pass fail metric on every
run of the test suite
• A metric can be generated from penetration testing based on the number
of exploitable paths in your code base
• Software quality tools can give you a count of critical static analysis and
compiler warnings
• A metric can be developed based on the presence of snippets of open
source code previously undetected or open source with new known
vulnerabilities
• All of these metrics can be generated on every build of your software

Agile development: Integrated
security
© 2015 Rogue Wave Software, Inc. All Rights Reserved. 10
Adaptive
Accept
Sprint 1
Sprint 2
Sprint n
Release
Change
Adjust and Track
Feedback
Review
Next Iteration
No!
Yes!
Release
to
Market
Integrate
and Test
Integrate
and Test
Integrate
and Test
Multiple testing
points
Rapid feedback
required
“Outside” testing
does not meet
Agile needs

DevOps SDLC
11
Continuous
Integration
SDLC Step
UAT/
exploratory
testing
Functional
testing
Performance
load security
Release Deploy
Metric
Understand
Needs
Invent
Solution
Develop
Build
Commit
Idea
© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED

Jenkins CI
© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 13

Load, Performance, Security…Testing phase
© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 15
Load, Performance,
Security, … Testing

Develop, commit & build
© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 16

Develop, commit & build
© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 17

DevOps SDLC
18
Continuous
Integration
SDLC Step
UAT/
exploratory
testing
Functional
testing
Performance
load security
Release Deploy
Metric
Understand
Needs
Invent
Solution
Develop
Build
Commit
Idea
© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED

Conclusions
© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 19
The application security world is fluid
Create concrete,
actionable strategies
(Threat Metric, analysis & scanning)
Delivery cycles are short
Update regularly with
well-defined process
(Agile, CI)

See us in action:
www.roguewave.com
Jeff Hildreth | jeff.hildreth@roguewave.com

Navigating agile automotive software development

What's hot

Agile Automotive (Final)

James Janisse

ISO 26262 Unit Testing | Functional Safety in Automotive

Embitel Technologies (I) PVT LTD

The adoption of Agile is spreading across various industries, in organizations of all sizes. However, most experts agree that scaling Agile for enterprise use is a challenge. SAFe®, the Scaled Agile Framework, was created to resolve this problem. SAFe® provides a fully controlled way to adopt and scale Agile across large companies, and to align Agile processes to business strategy. The Scaled Agile Framework's latest edition 4.0 introduces the optional Value Stream level to synchronize all the Agile Release Trains, as well as other updates compared to SAFe® 3.0. Our webinar helps you to learn more about implementing enterprise Agile with the Scaled Agile Framework, and the differences between SAFe®'s previous versions and its recently released 4.0.

Sa fe 4.0 implementing Enterprise Agile using the Scaled Agile Framework

evatjohnson

With increased software size and complexity, there is an increased risk in terms of software failures that could lead to unacceptable hazards. Part 6 of ISO26262 standard (International Standard for safety of automotive electronics) provides appropriate requirements and processes to develop automotive software acceptably safe. Following ISO26262 standard is almost mandatory in every leading company. The topic of the meetup is to introduce the ISO26262 standard and briefly address the following questions: 1. How to develop automotive software according to ISO26262? 2. What is safety analysis and how to use it in software? 3. How to manage software according to requirements from standard? 4. What are the other constraints from ISO26262 towards software development and testing? Speaker: Chaitanya Raju is currently consulting across safety critical automotive systems and software. He has a master's in automotive embedded systems and experience of around 10 years in the automotive domain. As a safety practitioner he worked at Volvo Trucks (GTT), NEVS, CEVT, Hyundai Mobis and currently working in Volvo Cars. Chaitanya trained function owners, software developers and project managers in ISO26262.

Afry software safety ISO26262 (Embedded @ Gothenburg Meetup)

Dimitrios Platis

Whether you’re a manager, a project manager, an engineer, a developer, or you work in purchasing – in the automotive industry, almost all departments come into contact with Functional Safety. If you need detailed answers to the Functional safety issues that take up most of your time at work, our courses fit the bill. Automotive functional safety ISO 26262 preparing covers the foundation of ISO 26262 standard, its extension, the primary contrasts from IEC 61508 (the general safety standard), and how the degree changes with including new frameworks. Automotive functional safety ISO 26262 preparing gives a diagram of all segments of ISO 26262 and its effect. For what reason Do You Need ISO 26262 Training? ISO 26262 is the new automotive application standard for functional safety IEC 61508 that impacts the entire item lifecycle. Be that as it may, applying and actualizing ISO 26262 out of a powerful, effective way can be testing. Learn about: ISO 26262 prerequisites The difficulties of executing ISO 26262 The formal safety the executives forms Hazard evaluation and the functional safety idea Specialized safety idea and framework plan Safety-arranged equipment and programming advancement A deliberate way to deal with safety investigation Abilities required for viable reviewing of the ISO 26262 necessities Abilities to survey the Safety Case Functional Safety Audit and Functional Safety Assessment Affirmation Measures including Confirmation Reviews, Functional Safety Audit and Functional Safety Assessment Danger examination and hazard evaluation (H&R/HARA) Parts 2,3,4,5,6,7,8, and 9 FMEA / FTA / DRBFM ISO 26262 equipment compositional measurements Subordinate disappointment investigation (DFA) Learning Objectives: Comprehend the subtleties of ISO 26262 Distinguish how the extent of ISO 26262 applies to their framework Build up a Safety Case plan consenting ISO 26262 Development Interface Agreement consistent to ISO 26262 Characterize the safety objectives and Automotive Safety Integrity Level (ASIL) Decide the HW prerequisites dependent on ASIL Decide the SW prerequisites dependent on ASIL Call us today at +1-972-665-9786. Learn more about this course audience, objectives, outlines, seminars, pricing , any other information. Visit our website link below. Automotive functional safety iso 26262 training bootcamp 2019 https://www.tonex.com/training-courses/automotive-functional-safety-iso-26262-training/

Automotive functional safety iso 26262 training bootcamp 2019

Tonex

Welcome to InflectraCon 2020! Please enjoy Inflectra's partner presentation on common DevSecOps pipeline concepts and the integration of a typical pipeline with the Spira family of tools. The key takeaways are: - Explore foundational DevSecOps pipeline concepts, components, and functions. - Understand how the move to DevSecOps can help detect defects before production quickly and prevent continuous bugs. - Learn how you can jump-start your efforts and have a working pipeline on your project. The presentation is by the Inflectra Partner - Coveros. The companion video is available here https://www.youtube.com/watch?v=bTQJtr1Digw

Inflectracon2020: Advantages of Integrating a DevSecOps Pipeline with the Spi...

Inflectra

Talk given by Dan Mitchell, (Operability Lead, Equal Experts) at ExpertTalks Manchester, 18th October 2017. All too often DevOps is a constraint for organisations. People have been led to believe it will solve all their problems, but it's shrouded in magic, mystery, and pixie dust. We want to distill DevOps down to its thing of value - operability - and help organisations to create a real feedback loop for their production systems and improve their delivery flow.

Moving Towards Operability & Organising for Continuous Delivery

Equal Experts

Qualification of Eclipse-based Tools according to ISO 26262

Oscar Slotosch

Methodologies 3: Using Spira for Waterfall

Inflectra

ISO 26262 introduction

KoenLeekens

This is a presentation on how to build quality into your DevOps/DevSecOps pipelines. The presentation covers: - Software Quality through End-to-end Traceability: How SpiraPlan Enables Progress Tracking and Visualization through Dashboards - Adam Sandman, Inflectra - Quality Gates: Forcing Functions to Bake Quality In - Jeffery Payne, Coveros - Delivering Quality Through Your DevSecOps Pipeline Using SpiraPlan - Hugo Sanchez, Coveros. The presentation was created on Feb 4, 2021.

Building Quality into Your DevSecOps Pipelines

Inflectra

Inflectra Enterprise Agile Planning Briefing for Gartner 2018

Adam Sandman

Rapise Overview Presentation (2021)

Inflectra

Aligning QMS and Engineering Processes in Medical Product Development

Intland Software GmbH

This is a presentation linked to a live webinar called: Friends and Foes of Software Test Automation. This is the 4th webinar in Inflectra's 7- part live webinar series called: Test Automation, Demystified. The webinar discusses two important areas of test automation: - A list of structural elements inside an application that are critical in test automation - Knowing what to check first: how to reduce the rate of failure in test automation. The webinar is presented by Alexey Grinevich - a senior software engineer and automation architect at Inflectra.

Friends & Foes of Software Test Automation - Test Automation, Demystified | W...

Inflectra

27 Nov 2019 – Experts Talk: Integrated MedTech Delivery from Requirements thr...

Intland Software GmbH

SpiraTeam Overview Presentation (2019)

Inflectra

SpiraTest Overview Presentation (2022)

Inflectra

1, 2, 3 build - continuous integration for mobile apps

Alexander Pacha

Program And Portfolio Management

Inflectra

What's hot (20)

Agile Automotive (Final)

ISO 26262 Unit Testing | Functional Safety in Automotive

Sa fe 4.0 implementing Enterprise Agile using the Scaled Agile Framework

Afry software safety ISO26262 (Embedded @ Gothenburg Meetup)

Automotive functional safety iso 26262 training bootcamp 2019

Inflectracon2020: Advantages of Integrating a DevSecOps Pipeline with the Spi...

Moving Towards Operability & Organising for Continuous Delivery

Qualification of Eclipse-based Tools according to ISO 26262

Methodologies 3: Using Spira for Waterfall

ISO 26262 introduction

Building Quality into Your DevSecOps Pipelines

Inflectra Enterprise Agile Planning Briefing for Gartner 2018

Rapise Overview Presentation (2021)

Aligning QMS and Engineering Processes in Medical Product Development

Friends & Foes of Software Test Automation - Test Automation, Demystified | W...

27 Nov 2019 – Experts Talk: Integrated MedTech Delivery from Requirements thr...

SpiraTeam Overview Presentation (2019)

SpiraTest Overview Presentation (2022)

1, 2, 3 build - continuous integration for mobile apps

Program And Portfolio Management

Similar to Navigating agile automotive software development

Network intrusion. Information theft. Outside reprogramming of systems. These examples are just a few of the several reasons why software security is becoming increasingly more important to all industries. No system is immune, so it’s more important than ever to understand why secure code matters and how to create safer applications. With this presentation you'll learn how to: -Protect your systems from risk -Comply with security standards -Ensure the entire codebase is bulletproof

Create code confidence for better application security

Rogue Wave Software

Automotive safety has been a major concern for manufacturers everywhere and now the threat of automotive hacking looms. Your team may be familiar with safety standards and defensive coding techniques but do you know how to handle security threats at the code level? What can you do next to transform your processes and development strategies? Join automotive experts from Rogue Wave Software for the first in a three-part series on securing your code and solidifying processes to ensure safe, defect-free software. By educating teams and understanding proven techniques, you’ll be able to take the next step towards less risk and more value for your applications. In this first one-hour webinar you'll learn: - Techniques to protect your automotive software systems from risk - Tools that accelerate compliance with security and safety standards - Tips to ensure defects are eliminated as early as possible

The road towards better automotive cybersecurity

Rogue Wave Software

Perforce on Tour 2015 - Grab Testing By the Horns and Move

Perforce

As consumer demands drive vehicle software to new limits, the rapid evolution of embedded software technology brings security and safety software challenges. These challenges are made more difficult because vehicle software continues to increase in size and complexity, elevating the risk of failures. Regardless of the difficulty, safety critical software must be secure and reliable to avoid severely damaging a company’s reputation and competitive advantage. At Rogue Wave, it is our job to help customers ensure their software is secure and reliable. Our source code analysis tools have analyzed billions of lines of code across the mobile device, automotive, consumer electronics, medical technologies, telecom, military and aerospace sectors. Although the automotive industry comes with some unique challenges and requirements to ensure security and compliance, we know how to work in complex environments given our experience with more than 3,000 customers over the last 25 years, including the biggest brands in the automotive industry.

Top 5 best practice for delivering secure in-vehicle software

Rogue Wave Software

When did we forget that old saying, “prevention is the best medicine”, when it comes to cybersecurity? The current focus on mitigating real-time attacks and creating stronger defensive networks has overshadowed the many ways to prevent attacks right at the source – where security management has the biggest impact. Source code is where it all begins and where attack mitigation is the most effective. In this webinar we’ll discuss methods of proactive threat assessment and mitigation that organizations use to advance cybersecurity goals today. From using static analysis to detect vulnerabilities as early as possible, to managing supply chain security through standards compliance, to scanning for and understanding potential risks in open source, these methods shift attack mitigation efforts left to simplify fixes and enable more cost-effective solutions. Webinar recording: http://www.roguewave.com/events/on-demand-webinars/shifting-the-conversation-from-active-interception

Shifting the conversation from active interception to proactive neutralization

Rogue Wave Software

Cybersecurity overview - Open source compliance seminar

Rogue Wave Software

Now that you’ve learned how to create code confidence for better application security, the second webinar in this series focuses on ensuring your processes are secure. With many organizations transforming development efforts from traditional environments toward Agile development, the need to redefine and establish security standards and testing methods is more important than ever. In this second one-hour webinar you'll learn how to: - Integrate security and compliance testing with Agile development - Provide context for fast triage and remediation - Create policies for code management in integrated testing environments

Create Agile confidence for better application security

Rogue Wave Software

Secure SDLC in mobile software development.

Mykhailo Antonishyn

Join security experts from Rogue Wave Software for the first in a three-part series on ensuring your code and processes are secure. Network intrusion. Information theft. Outside reprogramming of systems. These examples are just a few of the several reasons why software security is becoming increasingly more important to all industries. No system is immune, so it’s more important than ever to understand why secure code matters and how to create safer applications. In this first one-hour webinar you'll learn how to: - Protect your systems from risk - Comply with security standards - Ensure the entire codebase is bulletproof

Create code confidence for better application security

Rogue Wave Software

Дмитро Терещенко, "How to secure your application with Secure SDLC"

Sigma Software

Applicaiton Security - Building The Audit Program

Michael Davis

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...

Manoj Purandare ☁

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...

Manoj Purandare ☁

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...

Manoj Purandare ☁

Secure Software Development Lifecycle

1&1

Succeeding-Marriage-Cybersecurity-DevOps final

rkadayam

Security Culture from Concept to Maintenance: Secure Software Development Lif...

Dilum Bandara

Waterfall is based on the concept of sequential software development—from conception to ongoing maintenance—where each of the many steps flowed logically into the next. Join this webinar presentation to learn: - Why DevOps cannot effectively work in waterfall - How to use DevOps tools to optimize processes in either development or operations through automation We will also discuss what is needed to support full DevOps

How to go from waterfall app dev to secure agile development in 2 weeks

Ulf Mattsson

Security testing is an important part of any (agile) secure software development lifecyle. Still, security testing is often understood as an activity done by security testers in the time between "end of development" and "offering the product to customers." Learning from traditional testing that the fixing of bugs is the more costly the later it is done in development, we believe that security testing should be integrated into the daily development activities. To achieve this, we developed a security testing strategy, as part of SAP's security development lifecycle which supports the specific needs of the various software development models at SAP. In this presentation, we will briefly presents SAP's approach to an agile secure software development process in general and, in particular, present SAP's Security Testing Strategy that enables developers to find security vulnerabilities early by applying a variety of different security testing methods and tools.

Agile Secure Software Development in a Large Software Development Organisatio...

Achim D. Brucker

Automobiles are incorporating a sophisticated mix of connectivity, driver assistance, and consumer device integration. Capabilities for integrating smart devices and utilizing Wi-Fi connectivity for wide area connectivity on the road is proliferating. The mix of consumer device, infotainment, and critical driver assist and safety technologies present a myriad of time to market and security challenges for auto manufacturers. Join us as auto technology experts discuss the "Auto IoT" environment and the latest tools, technologies, and design considerations for implementation and delivery.

Autos, Wi-Fi, and IoT

Rogue Wave Software

Similar to Navigating agile automotive software development (20)

Create code confidence for better application security

The road towards better automotive cybersecurity

Perforce on Tour 2015 - Grab Testing By the Horns and Move

Top 5 best practice for delivering secure in-vehicle software

Shifting the conversation from active interception to proactive neutralization

Cybersecurity overview - Open source compliance seminar

Create Agile confidence for better application security

Secure SDLC in mobile software development.

Create code confidence for better application security

Дмитро Терещенко, "How to secure your application with Secure SDLC"

Applicaiton Security - Building The Audit Program

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...

Secure Software Development Lifecycle

Succeeding-Marriage-Cybersecurity-DevOps final

Security Culture from Concept to Maintenance: Secure Software Development Lif...

How to go from waterfall app dev to secure agile development in 2 weeks

Agile Secure Software Development in a Large Software Development Organisatio...

Autos, Wi-Fi, and IoT

More from Rogue Wave Software

Open Banking is being driven by regulation in Europe, however, it is ultimately about expanding consumer choice in financial services. Open Banking provides opportunities for financial services and FinTech companies as well as consumers. In this webinar, we’ll examine the influence of Open Banking across the globe and the key differences between regulation-led and market-led initiatives. We’ll also explore essential security standards in Open Banking and how they contribute to a secure Open Banking API interface.

The Global Influence of Open Banking, API Security, and an Open Data Perspective

Rogue Wave Software

No liftoff, touchdown, or heartbeat shall miss because of a software failure

Rogue Wave Software

In today’s economy, companies of all kinds are looking to disrupt their own and other industries across everything from banking through logistics and retail. Disruption and innovation are typically built on the back of a digital transformation strategy; disrupting a market is all about finding new ways of servicing customers through innovative channels or approaches. APIs have become the foundation of disruption, innovation, and digital transformation. This presentation will help you understand the necessary components of a well-constructed API strategy, with particular attention paid to security.

Disrupt or be disrupted – Using secure APIs to drive digital transformation

Rogue Wave Software

Presented at APIdays Paris. API security is the principal concern when it comes to establishing a trusted API ecosystem. Rightly so, because opening up business systems through APIs by definition expands the attack surface that can be exploited. Although many threat vectors and vulnerabilities are well known, we have to remain on the lookout for new threats continuously. On the positive side, open standards that help defend against security threats are constantly being created and refined. What is even more helpful are the specifications that aggregate relevant standards into a comprehensive API security profile. Excellent examples of these are the current specifications that support open banking initiatives like UK Open Banking and PSD2. Could these specifications not have a wider applicability? In other words, would we be able to benefit from the security guidelines captured in these specifications in other verticals like logistics, retail, energy, healthcare and government, too? In this talk, we will compare security guidelines covered in the specifications and see to what extent they may benefit the wider enterprise API developer community.

Leveraging open banking specifications for rigorous API security – What’s in...

Rogue Wave Software

Adding layers of security to an API in real-time

Rogue Wave Software

API management plays an important role in many large enterprises as it sets up the foundation for accelerating the integration of applications, databases, and key processes to derive business value from your APIs. How do you know if your organization is getting the most value out of your API management platform? Ian Goldsmith from Rogue Wave for an in-depth discussion of the importance of an enterprise-class API architecture and key considerations to ensure you are getting the most from your API management platform. As well as a case study that demonstrates how one organization uses the Akana API Platform to create a secure, integrated system to mitigate the risks of business on a public cloud network.

Getting the most from your API management platform: A case study

Rogue Wave Software

Presented at Supercomputing 18. Debugging and analyzing today's HPC applications requires a tool with capabilities and features to support the demands of today’s complex HPC applications. Debugging tools must be able to handle the extensive use of C++ templates and the STL, use of many shared libraries, optimized code, code leveraging GPU accelerators and applications constructed with multiple languages. This presentation walks through the different advanced technologies provided by the debugger, TotalView for HPC, and shows how they can be used to easily understand complex code and quickly solve difficult problems. Showcasing TotalView’s new user interface, you will learn how to leverage the amazing technology of reverse debugging to replay how your program ran. You will also see how TotalView provides a unified view across applications that utilize Python and C++, debug CUDA applications, find memory leaks in your HPC codes and other powerful techniques for improving the quality of your code.

Advanced technologies and techniques for debugging HPC applications

Rogue Wave Software

This is a classic example of older technology not being used to its fullest, which Justin proves by walking through little-known configuration and optimization tricks that get data flowing reliably and efficiently – even for today’s complexity and scale. This session covers: A – Camel basics, understanding Exchanges, Routes, and how to implement EIPs with them B – Examples of real implementations of common EIPs like Content Based Routers and Recipient Lists C – Integration of Camel with common endpoints, like JMS, FTP, and HTTP

The forgotten route: Making Apache Camel work for you

Rogue Wave Software

Are open source and embedded software development on a collision course?

Rogue Wave Software

Microservices and APIs might sound like fairy dust you sprinkle on applications to make them “agile,” judging by today’s industry talk. The reality is that they work as the critical foundations for digital transformation only when done right. The goal isn’t simply to build agile apps, it’s for businesses to gain agility and thrive against the onslaught of digital disruption – and this requires going deeper. Organizations must ensure microservices and APIs add value, and also understand how to put the two together. Walk away with a better understanding of microservices and APIs and be better prepared to drive the right solutions for your organization. Watch on-demand webinar at www.roguewave.com

Three big mistakes with APIs and microservices

Rogue Wave Software

Whether starting from greenfield or modernizing existing infrastructure, how do you remove the guesswork in deploying and maintaining cloud-based, business-critical workloads? From architectural decisions to fine-tuning scale and performance, our open source architects explain how top enterprises build and maintain their open source stacks, focusing on operational agility and cost-effectiveness. You will walk away with real use case examples and five ways to better plan and deliver your next cloud strategy.

5 strategies for enterprise cloud infrastructure success

Rogue Wave Software

PSD2-driven Open Banking is here, and with it comes challenges in understanding what it means, choosing which standards organizations to follow, which practices are right for you, and whether to aim for regulatory compliance only or use the regulation as an opportunity to differentiate and transform. From a strategic and technical point of view, compliance dictates that now is the time to chart a precise implementation for your organization – do you know where to begin?

PSD2 & Open Banking: How to go from standards to implementation and compliance

Rogue Wave Software

With the release of Java 10, the impact of Java 9, and the spread of multiple emerging technologies, the biggest questions for high-performing development teams is: How do we keep up and take advantage of the features relevant to us? Java experts, Toomas Romer and Rod Cope, discuss recent changes to the language and how they impact tools, development velocity, and the ability to innovate; along with industry insights to better plan for more complex systems, the inevitable modernization, and adapting to scale.

Java 10 and beyond: Keeping up with the language and planning for the future

Rogue Wave Software

On the path to innovation, development teams fear nothing but try to avoid three things: Re-work, lawyers, and, missing deadlines. In this talk, Rod Cope will discuss what to do when software is not license compliant, to help avoid lawyers getting involved, disrupting schedules and potential architectural or code changes. The initial step in helping make sure teams are in compliance with open source licenses is education. The goal is to provide concrete steps towards development teams adopting a vested interest in paying attention to what open source they download and how it's used.

How to keep developers happy and lawyers calm (Presented at ESC Boston)

Rogue Wave Software

This isn’t your typical case study, this is the reality of open source: One hundred percent of organizations use varying degrees of OSS, yet we still focus on one particular package or layer when it comes to sharing best practices. The reality is, when we get stuck, it’s the configuration and operational interrelationships between packages that matter. This session takes open source support data across multiple organizations to examine three different scenarios that represent the most common issues we see today (in fact, 80% of the cases we see are due to configuration and package interrelationship issues). Justin Reock covers e-commerce, mobile PaaS, and high performance computing examples to illustrate top problems and solutions for stack selection, infrastructure implementation, and production troubleshooting.

Open source applied - Real world use cases (Presented at Open Source 101)

Rogue Wave Software

For users of SourcePro and Tools.h++, the future of Solaris is uncertain, as seen by the recent reductions of the Oracle Solaris team and an increase in inquiries we're receiving on how to migrate applications from Solaris to Linux. Prepare for your future by joining this webinar on how to best plan and execute a successful migration for your SourcePro or Tools.h++ components. Our technical experts walk through: - Options to migrate code that contains Tools 7 or Tools.h++ libraries - Tips and tricks to migrate code to Linux - How to determine whether you can do it yourself - What to tell your service provider Whether you plan to do it yourself or enlist Rogue Wave professional services, at the end of this webinar you will understand the best path for migration.

How to migrate SourcePro apps from Solaris to Linux

Rogue Wave Software

The HPC community is embracing the advantages of mixed-language development environments, presenting challenges for debugging and testing when application execution and data flow cross languages. How can we take advantage of the unique features offered by different languages while minimizing the impact on bug reproduction, root-cause analysis, and solution? This presentation walks through the current mixed-language HPC landscape to describe the problems with testing these types of applications and best-practice solutions using TotalView for HPC. You will learn how these architectures make it easy to “steer” computation between modules of different languages, to accelerate prototyping and development, and how advanced testing techniques provide visibility into the call stack and data for efficient debugging.

Approaches to debugging mixed-language HPC apps

Rogue Wave Software

Red Hat Enterprise Linux (RHEL) is the dominant distribution used by commercial organizations today. But did you know that there's a functionally-compatible alternative that offers options when it comes to licensing, support, and cost effectiveness? Whether you're thinking about moving away from RHEL or have already made the decision, this webinar gives you the background, proof points, and data to justify why moving to CentOS makes sense. At the end of this presentation, you will have all the data you need to consider for an enterprise Linux migration activity and reasons why CentOS is a viable, cost-effective solution.

Enterprise Linux: Justify your migration from Red Hat to CentOS

Rogue Wave Software

Dive deep into an actual enterprise Linux migration by walking through the planning and execution of the process as seen by our customers. Our enterprise architects will break down the key migration steps to explain the available options, decisions made, and demonstrate actions on a live system. This episode gives you a representative migration experience before you actually migrate, illustrating: Side-by-side comparisons between Red Hat Enterprise Linux and CentOS; steps to consider for the operating system; and steps to consider for common application stacks and packages.

Walk through an enterprise Linux migration

Rogue Wave Software

How to keep developers happy and lawyers calm

Rogue Wave Software

More from Rogue Wave Software (20)

The Global Influence of Open Banking, API Security, and an Open Data Perspective

No liftoff, touchdown, or heartbeat shall miss because of a software failure

Disrupt or be disrupted – Using secure APIs to drive digital transformation

Leveraging open banking specifications for rigorous API security – What’s in...

Adding layers of security to an API in real-time

Getting the most from your API management platform: A case study

Advanced technologies and techniques for debugging HPC applications

The forgotten route: Making Apache Camel work for you

Are open source and embedded software development on a collision course?

Three big mistakes with APIs and microservices

5 strategies for enterprise cloud infrastructure success

PSD2 & Open Banking: How to go from standards to implementation and compliance

Java 10 and beyond: Keeping up with the language and planning for the future

How to keep developers happy and lawyers calm (Presented at ESC Boston)

Open source applied - Real world use cases (Presented at Open Source 101)

How to migrate SourcePro apps from Solaris to Linux

Approaches to debugging mixed-language HPC apps

Enterprise Linux: Justify your migration from Red Hat to CentOS

Walk through an enterprise Linux migration

How to keep developers happy and lawyers calm

Recently uploaded

%in Soweto+277-882-255-28 abortion pills for sale in soweto

masabamasaba

WSO2CON 2024 - Building a Digital Government in Uganda

WSO2

WSO2Con2024 - Low-Code Integration Tooling

WSO2

WSO2Con2024 - Organization Management: The Revolution in B2B CIAM

WSO2

OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...

Shane Coughlan

WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...

WSO2

This presentation covers the following topics: What is logging? The purpose of logging: Debugging The purpose of logging: Security The purpose of logging: Stats & analytics Traditional logging Traditional logging: Advantages Traditional logging: Disadvantages The solution: Large-scale logging Large-scale logging: Core principles Large-scale logging: Solution types Large-scale logging: Cloud vs on-prem Large-scale logging: Operational complexity Large-scale logging: Security Large-scale logging: Costs Large-scale logging: On-prem comparison - Elasticsearch - Grafana Loki - VictoriaLogs On-prem comparison: Setup and operation On-prem comparison: Costs On-prem comparison: Full-text search support On-prem comparison: How to efficiently query 100TB of logs? On-prem comparison: Integration with CLI tools VictoriaLogs for large-scale logging VictoriaLogs demo instance - Ingestion rate: 3600 messages / minute - The number of log messages: 1.1 billion - Uncompressed log messages’ size: 1.5TB - Compressed log messages’ size: 23GB - Compression ratio: 47x - Memory usage: 150MB VictoriaLogs CLI integration demo - Which errors have occurred in all the apps during the last hour? - How many errors have occurred during the last hour? - Which apps generated the most of errors during the last hour? - The number of per-minute errors for the last 10 minutes - Status codes for the last hour - Non-200 status codes for the last week - Top client IPs for the last 4 weeks with 404 and 500 response status codes - Per-month stats for the given IP across all the logs Large-scale logging solution MUST provide excellent CLI integration VictoriaLogs: (temporary) drawbacks VictoriaLogs: Recap - Easy to setup and operate - The lowest RAM usage and disk space usage (up to 30x less than Elasticsearch and Grafana Loki) - Fast full-text search - Excellent integration with traditional command-line tools for log analysis - Accepts logs from popular log shippers (Filebeat, Fluentbit, Logstash, Vector, Promtail, Grafana Agent) - Open source and free to use!

Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024

VictoriaMetrics

WSO2CON 2024 - How to Run a Security Program

WSO2

WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...

WSO2

WSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration

WSO2

WSO2CON 2024 Slides - Open Source to SaaS

WSO2

WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...

WSO2

WSO2Con204 - Hard Rock Presentation - Keynote

WSO2

WSO2Con2024 - Software Delivery in Hybrid Environments

WSO2

WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...

WSO2

Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...

Bert Jan Schrijver

WSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration

WSO2

WSO2Con2024 - Unleashing the Financial Potential of 13 Million People

WSO2

WSO2CON 2024 - Lessons from the Field: Legacy Platforms – It's Time to Let Go...

WSO2

WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation

WSO2

Recently uploaded (20)

%in Soweto+277-882-255-28 abortion pills for sale in soweto

WSO2CON 2024 - Building a Digital Government in Uganda

WSO2Con2024 - Low-Code Integration Tooling

WSO2Con2024 - Organization Management: The Revolution in B2B CIAM

OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...

WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...

Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024

WSO2CON 2024 - How to Run a Security Program

WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...

WSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration

WSO2CON 2024 Slides - Open Source to SaaS

WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...

WSO2Con204 - Hard Rock Presentation - Keynote

WSO2Con2024 - Software Delivery in Hybrid Environments

WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...

Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...

WSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration

WSO2Con2024 - Unleashing the Financial Potential of 13 Million People

WSO2CON 2024 - Lessons from the Field: Legacy Platforms – It's Time to Let Go...

WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation

Navigating agile automotive software development

1. Navigating Agile automotive software development June 24, 2015

2. Presenters Jeff Hildreth, Automotive Account Manager Rogue Wave Software Ahmed Abdelrahman, Release Engineer Rogue Wave Software John Chapman, Solutions Architect Rogue Wave Software 2© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED

3. Agenda • A holistic approach to cybersecurity • Blending DevOps and Agile for security • How to implement a Jenkins CI system • Examples of security defects • Q&A 3© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED

4. A holistic approach to cybersecurity

5. A holistic approach to cybersecurity © 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 5 Information overload Develop an adaptive threat model Threat Model External Data Internal Threat Metric Action

6. © 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 6 Threat model Most breaches result from input trust issues Threat modeling identifies, quantifies, and addresses security risks by: 1. Understanding the application & environment 2. Identifying & prioritizing threats 3. Determining mitigation actions Identify assets System overview Decompose application Identify threats Prioritize threats

7. © 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 7 Security overload News Blogs, social media conferences Security standards OWASP, CWE, CERT, etc. Senator Markey report NVD, White Hat, Black Hat OEMs, internal Media More and more software running inside your car Standards and legislation Research Requirements Developers don’t know security (80% failed security knowledge survey)

8. Developing a threat metric © 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 8 Build score • Automated and functional testing can give you a pass fail metric on every run of the test suite • A metric can be generated from penetration testing based on the number of exploitable paths in your code base • Software quality tools can give you a count of critical static analysis and compiler warnings • A metric can be developed based on the presence of snippets of open source code previously undetected or open source with new known vulnerabilities • All of these metrics can be generated on every build of your software

9. DevOps & Agile for security

10. Agile development: Integrated security © 2015 Rogue Wave Software, Inc. All Rights Reserved. 10 Adaptive Accept Sprint 1 Sprint 2 Sprint n Release Change Adjust and Track Feedback Review Next Iteration No! Yes! Release to Market Integrate and Test Integrate and Test Integrate and Test Multiple testing points Rapid feedback required “Outside” testing does not meet Agile needs

11. DevOps SDLC 11 Continuous Integration SDLC Step UAT/ exploratory testing Functional testing Performance load security Release Deploy Metric Understand Needs Invent Solution Develop Build Commit Idea © 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED

12. Jenkins CI

14. Security example

18. DevOps SDLC 18 Continuous Integration SDLC Step UAT/ exploratory testing Functional testing Performance load security Release Deploy Metric Understand Needs Invent Solution Develop Build Commit Idea © 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED

19. Conclusions © 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 19 The application security world is fluid Create concrete, actionable strategies (Threat Metric, analysis & scanning) Delivery cycles are short Update regularly with well-defined process (Agile, CI)

20. See us in action: www.roguewave.com Jeff Hildreth | jeff.hildreth@roguewave.com

21. Q&A

Editor's Notes

In an Agile environment, release cycles may be measured in days rather than weeks, making testing for security and compliance more challenging. Agile requires frequent testing and rapid, continuous feedback. Shipping code to a separate group for testing, and receiving results days later, will break the Agile model. To be successful in an Agile environment, compliance and security testing and feedback must be integrated with the rest of the Agile team. Note, with Agile, “Release to Market” doesn’t always mean an external release, Potentially shippable increment, or PSI, and minimum viable product (MVP) are two terms used to describe what may or may not be released to customers. When we examine the process, testing is brought in throughout the development lifecycle, rather than waiting until the development is complete. For this reason, testers are typically part of the Agile teams, and testing user stories are built into the backlog from the outset of the sprint, or iteration.
http://www.edn.com/design/automotive/4423428/Toyota-s-killer-firmware--Bad-design-and-its-consequences An example of unintended behavior introduced via a supplier.
http://www.edn.com/design/automotive/4423428/Toyota-s-killer-firmware--Bad-design-and-its-consequences An example of unintended behavior introduced via a supplier.
http://www.edn.com/design/automotive/4423428/Toyota-s-killer-firmware--Bad-design-and-its-consequences An example of unintended behavior introduced via a supplier.
http://www.edn.com/design/automotive/4423428/Toyota-s-killer-firmware--Bad-design-and-its-consequences An example of unintended behavior introduced via a supplier.
http://www.edn.com/design/automotive/4423428/Toyota-s-killer-firmware--Bad-design-and-its-consequences An example of unintended behavior introduced via a supplier.

Navigating agile automotive software development

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Navigating agile automotive software development

Similar to Navigating agile automotive software development (20)

More from Rogue Wave Software

More from Rogue Wave Software (20)

Recently uploaded

Recently uploaded (20)

Navigating agile automotive software development

Editor's Notes