At the Synopsys Security Event - Israel, Girish Janardhanudu, VP Security Consulting, Synopsys presented on software security. For more information, please visit us at www.synopsys.com/software
During a recent webinar, Jonathan Knudsen presented: "That's Not How This Works: All Development Should Be Secure."
Development teams are pressured to push new software out quickly. But with speed comes risk. Anyone can write software, but if you want to create software that is safe, secure, and robust, you need the right process. Webinar attendees will learn:
• Why traditional approaches to software development usually end in tears and heartburn
• How a structured approach to secure software development lowers risk for you and your customers
• Why automation and security testing tools are key components in the implementation of a secure development life cycle
For more information, please visit our website at www.synopsys.com/software-integrity.html
Dan Sturtevant, Silverthread and Niles Madison at Synopsys discussed design quality and code quality on a recent webinar.
In an acquisition where a software asset is a core part of the deal valuation, it’s important to understand the overall quality of the software prior to doing the deal. Buggy software is problematic and needs to be cleaned up, so assessing code quality is important. But also, with poorly designed software, every fix is costly and laborious. This can significantly impact the long-term viability of the application, and maintaining that software can seriously degrade ROI. That’s why understanding a software system’s design or architectural health and the likely 'cost of ownership' is key.
For more information, please visit our website at https://www.synopsys.com/open-source-audit
Solving for Compliance: Mobile app security for banking and financial services - NowSecure
Mobile apps fall in scope for a number of regulatory requirements that govern the banking and financial services industries, such as: guidelines from the Federal Financial Institutions Examination Council (FFIEC), the Gramm–Leach–Bliley Act (GLBA), New York State cybersecurity requirements for financial services companies, the Payment Card Industry Data Security Standard (PCI DSS), the Sarbanes-Oxley Act, and more. Luckily, a repeatable mobile app security assessment program and standardized reporting go a long way in both achieving compliance objectives and securing mobile apps and data.
Originally presented on August 22, 2017, NowSecure Security Solutions Engineer Brian Lawrence explains:
-- How and where exactly mobile apps fall in scope for various compliance regimes
-- Mobile app security issues financial institutions must identify and fix for compliance purposes
-- How assessment reports can be used to demonstrate due diligence
Today’s security professionals and software developers not only have to do more in less time; they have to do it securely. This means mitigating risk and addressing compliance requirements in an environment where:
• The threat landscape continues to evolve.
• Application portfolios and their risk profiles continue to shift.
• Security tools are difficult to deploy, configure, and integrate into workflows.
• Consumption models continue to change.
How can your internal resources keep pace in this dynamic environment? Managed application security testing can be just the relief valve your organization needs. In this webinar, we’ll discuss the need for managed application security testing, the sweet spots where it offers maximum value, what you should look for in a managed application security testing provider, and highlights from Synopsys’ Managed Services offering.
For more information, please visit our website at https://www.synopsys.com/software-integrity/managed-services.html
SecDevOps: keep cyberattacks at bay without complicating the day-to-day of develop... - Dárcio Takara
Applications are now the most attacked security perimeter. The growing complexity of software has become the target of more than half of all successful attacks. It is easy to see why: 80% of applications fail their first security test. At the same time, there is pressure to deliver software ever faster, always in pursuit of time-to-market. Everyone already knows the answer: SecDevOps. But how do you put it into practice without complicating developers' lives?
Webinar: "How to invest efficiently in cybersecurity (Return on Security Inv... - Berezha Security Group
Are you a top manager, business owner, or CISO, responsible for your company’s information security?
Do you want to understand how much you should invest in cybersecurity, and what is more important – how to measure the efficiency of security investment (ROSI)?
Do you want to know how much other organizations invest in the corporate security of small, medium, and enterprise businesses in Ukraine and the world? And what are the indicators you should follow when evaluating your company’s security program?
We will help you deal with these and other difficult questions, consider different points of view, and find some answers in the webinar by Berezha Security Group professionals.
The webinar video in English is available at: https://youtu.be/IVCVpi8Eo6g
Questions to discuss:
1. What should CISOs and top managers know about Return on Security Investment?
2. Average costs of corporate security for small, medium, and enterprise businesses.
3. Investing in cybersecurity: how to showcase the effectiveness?
4. Leading indicators of cybersecurity investment effectiveness in practice.
5. Are there any “secrets” of effective cybersecurity investment?
6. What cybersecurity strategy will bring the best Return on Security Investment?
7. Strategic services for planning a cybersecurity program.
8. Questions and Answers.
Our speakers
- Vlad Styran, CISSP CISA, Co-founder & CEO, BSG
Vlad is an internationally known cybersecurity expert with 15+ years of experience in Penetration Testing, Social Engineering, and Security Awareness.
He is a BSG Co-founder & CEO and is responsible for business and cybersecurity strategies. He can help businesses with consulting services in software security, cybersecurity awareness, strategy, and investment. He is also a speaker, blogger, and podcaster in his volunteer activities.
- Andriy Varusha, CISSP, Co-founder & CSO, BSG
Andriy is an experienced top manager in IT-audit, consulting, and IT project management by leading outsourcing teams in Ukraine, Poland, and the USA. He also is keen on building customer relationships within the US, UK, and Western Europe geographies. At BSG, he leads the BSG advisory practice and consults development teams in all aspects of cybersecurity.
Who are we?
Berezha Security Group (BSG) is a Ukrainian consulting company focused on application security and penetration testing. Our job is to help companies in all aspects of cybersecurity. We complete more than 50 Penetration Testing and Application Security projects yearly, so we know the business security vulnerabilities across the verticals. We help our customers address their future security challenges: prevent data breaches and achieve compliance.
Our contacts: hello@bsg.tech ; https://bsg.tech
Open source software: Diligence, compliance, and future trends - Rogue Wave Software
If you believe the myth, “OSS is free so I don’t have any license obligations,” then you may want to reconsider how you approach your risks. Taking time to learn common mistakes made by developers can save your company costly expenses and slipups.
On the path to innovation, development teams fear nothing but try to avoid three things: re-work, lawyers, and missing deadlines. In this presentation, Rod Cope will discuss what to do when software is not license compliant, to help avoid lawyers getting involved, disrupting schedules and potential architectural or code changes.
Related OSS Projects - Peter Rowe, Flexera Software - OpenStack
Audience Level
Intermediate
Synopsis
Today’s fast-paced development environment has changed the compliance landscape. Many software projects consist of more than 50% Open Source Software (OSS) components, but as much as 99% are undocumented, increasing the complexities of managing your company’s software compliance process.
Of particular concern is “Zombie software”, or software that is outdated and contains vulnerable versions of certain components. Zombies can live in your code forever if you’re not aware of them. The acceleration of modern development lifecycles and the breakdown of an undocumented software supply chain have opened up new pathways for zombies to enter your software – leaving you exposed to security threats.
This presentation discusses best practices for implementing an Open Source Software management strategy that covers common pitfalls and commercial licence issues as well as the optimal way to track and eliminate the risks associated with Zombies!
Speaker Bio:
Involved in and around IT development for over 20 years, starting as a web developer using NotePad in 1995 when the most exciting thing online was Sun’s animated Java coffee cup, through Numega Pre-Sales selling BoundsChecker and now into the brave, new World of Open Source and software composition analysis.
How to keep developers happy and lawyers calm (Presented at ESC Boston) - Rogue Wave Software
On the path to innovation, development teams fear nothing but try to avoid three things: re-work, lawyers, and missing deadlines. In this talk, Rod Cope will discuss what to do when software is not license compliant, to help avoid lawyers getting involved, disrupting schedules and potential architectural or code changes.
The initial step in helping make sure teams are in compliance with open source licenses is education.
The goal is to provide concrete steps towards development teams adopting a vested interest in paying attention to what open source they download and how it's used.
Are open source and embedded software development on a collision course? - Rogue Wave Software
Presented at Embedded Systems Conference (ESC) Minneapolis 2018, this session discusses the most effective uses of open source software; how to maintain MISRA, CWE, OWASP, and other standards compliance across all code sources; how to avoid license risk; and reduce critical safety and security issues.
Two of the most important topics on everyone’s mind when developing PHP applications are performance and security.
Rogue Wave Software and RIPS Technologies are teaming up to show you how you can utilize our solutions to help make your PHP applications safe and fast. We will use a typical Magento implementation as an example to speak about finding and eliminating bottlenecks and debugging your code. We will also demonstrate how you can detect security vulnerabilities using cutting edge static code analysis.
Identifying and managing the risks of open source software for PHP developers - Rogue Wave Software
Do you really need to worry about using open source software in developing commercial applications? This presentation looks at the key risk areas, how to identify and quantify the risk, and what steps if any are needed to deal with the risks.
Black Duck and Tech Contracts Academy discussed the implications of open source software in tech contracts. The topic of open source has been at the forefront of the technology industry for many years, but as the use of open source in commercial applications explodes, so do concerns about addressing license and ownership issues in contract negotiations.
David Tollen is the founder of Tech Contracts Academy (www.TechContracts.com) and of Sycamore Legal P.C., in San Francisco. He’s the author of The Tech Contracts Handbook: Cloud Computing Agreements, Software Licenses, and Other IT Contracts for Lawyers and Businesspeople. He will dive into these topics from the perspective of both buyers and sellers and aims to educate on Intellectual Property (IP) protection and other terms and how they should work during contract negotiations.
When something goes wrong in your software, you fix it. When something is wrong in an OSS package you’re beholden to community fixes and web search - neither cares about your needs or your timeline.
In this webinar, our director of product management and OSS expert, Richard Sherrard, examines: how to know exactly what packages are used in your company; specific technical, security, and licensing hurdles that many organizations face; and what “free” actually means when it comes to OSS.
OSS has taken over the enterprise: The top five OSS trends of 2015 - Rogue Wave Software
It’s everywhere. From your phone to the enterprise, open source software (OSS) is running far and wide. Gartner predicts that by 2016, 99 percent of Global 2000 enterprises will use open source in mission-critical software. While it’s free, easy to find, and pushes software to the market faster, it’s vital to understand how to use OSS safely.
Join Richard Sherrard, director of product management at Rogue Wave, for a live webinar reviewing the top five OSS trends of 2015. From OSS discovery, to risk, and governance, we’ll take a deep dive into the trends we’ve noticed this year while providing you with some predictions for 2016.
In this webinar you’ll learn how to:
- Discover the OSS in your codebase to ensure that code is free of bugs, security vulnerabilities, and license conflicts
- Implement controls on OSS usage at your organization
- Create a multi-tier approach to OSS risk reduction with open source tools, static code analysis and dynamic analysis
Watch the webinar recording now: https://www.brighttalk.com/webcast/12285/164531
Whether you’re considering migrating to PHP 7 or are already there, you need to know the specifics of how to keep your application running smoothly, efficiently, and with minimum downtime. Take these techniques proven by our customers to make your PHP 7 application shine.
Strategies for Commercial Software Developers Using Open Source Code in Propr... - Mary Lou Wakimura
Commercial software developers are often drawn to open source code to help deliver a low cost and flexible product that can quickly be brought to market. While there are benefits, there are also risks and pitfalls. With the growth and influence of free software licensing, some have been asserting General Public License (GPL) violations in litigation to attempt to gain an advantage. Please join us as we explore these issues and discuss strategies to protect your product from litigation and to evaluate whether your new product will be strengthened or weakened by the integration of open source software, and in particular the GPL.
Gain insight into:
- Reach of the influential free software license GPL;
- Emerging risk of copyright trolls in open source;
- Risk of Free Software Foundation sponsored litigation in response to GPL violations;
- Contours of what constitutes a derivative work employing Linux code in the context of the GPL; and
- Lessons learned from the Hellwig vs. VMware case.
Implementing and Managing an Open Source Compliance Program: A Crash Course - FINOS
Ibrahim Haddad, Samsung Research America: Implementing and Managing an Open Source Compliance Program: A Crash Course.
The past decade has witnessed an unprecedented adoption of open source software by enterprises for the various advantages it offers. This massive adoption of open source software came with legal and compliance responsibilities. Enterprises and development organizations have since then started establishing policies around open source usage (and contribution), and implementing engineering development processes to ensure that software products that deploy are in compliance. This presentation provides a guide to doing compliance the right way (one of many) with an overview on setting up an open source compliance program and institutionalizing best practices.
Course Outline (subject to change based on time allocation)
• Overview of open source compliance
• Failure to comply
• Lessons learned from non-compliance cases
• Overview of the compliance program
• Compliance challenges and solutions
• Achieving compliance: roles and responsibilities
• Sample compliance process
• Tools and automation
• Responding to compliance inquiries
Audience
Anyone involved in bringing software into the organization and anyone involved in developing and distributing products or interfacing with customers, including
• Corporate Management
• Engineering
• Product Management, Project Management, and Process Management
• Testing, Quality Assurance, Configuration Management and Logistics
• Law Department
• Purchasing / Supply Chain
How enterprises learned to stop worrying and love open source - Rogue Wave Software
There's an obvious competitive edge to using OSS and it's at the core of your enterprise, but do you know the key lessons learned from the history of open source risks? Learn:
The history of the OSS revolution; The impacts of package, language, and skills growth; Lessons learned for security, technical, and licensing risks.
This presentation gives you the evidence as to why unit testing works and a process for how to bring it to your team as soon as possible. There's a reason why the growth of unit testing, and automated unit testing in particular, has exploded over the past few years. It not only improves your code, it's faster than releasing code without tests. You'll learn: what, exactly, is a unit test; the 7 reasons why managers love unit testing; and how to change mindset and processes to start unit testing now.
We’ve all seen the examples of how Netflix and others have transformed their entire business on the back of publishing APIs. You may not be Netflix, but there’s no sign the API economy is slowing down. APIs are everywhere, from social and mobile apps to IoT, big data, and microservices. They’re driving your business and helping you expand into new markets, modernize legacy business applications, and integrate diverse and interdependent systems and data. So how do you leverage APIs to be an efficient way to generate new business value and innovate with minimal risk?
Building Reliability - The Realities of Observability - All Things Open
Presented at the ATO RTP Meetup
Presented by Jeremy Proffit, Director of DevSecOps & SRE for Customer Care and Communications, Ally
Title: Building Reliability - The Realities of Observability
Abstract: Join me as we discuss true observability, learn what works and what doesn't. We'll not only discuss dashboards, monitoring and alerting, but how these can be built by automation or included in your IAC modules. We'll talk about how to properly alert staff based on priority to keep your staff and yourself sane. And even discuss architecture and how it impacts reliability and why serverless isn't always the best at being reliable.
Presented at the ATO RTP Meetup
Presented by Peter Zaitsev, Founder of Percona
Title: Modern Database Best Practices
Abstract: There are now more database choices available for developers than ever before: there are general purpose databases and specialized databases, single node and distributed databases, open source and proprietary databases, and databases available exclusively in the cloud. In this presentation we will cover the best practices of choosing database(s) for your applications, best practices when it comes to application development, as well as managing those databases to achieve the best possible performance, security, and availability at the lowest cost.
More Related Content
Similar to How to Keep Developers Happy and Lawyers Calm
Open source software: Diligence, compliance, and future trendsRogue Wave Software
If you believe the myth, “OSS is free so I don’t have any license obligations,” then you may want to reconsider how you approach your risks. Taking time to learn common mistakes made by developers can save your company costly expenses and slipups.
On the path to innovation, development teams fear nothing but try to avoid three things: Re-work, lawyers, and, missing deadlines. In this presentation, Rod Cope will discuss what to do when software is not license compliant, to help avoid lawyers getting involved, disrupting schedules and potential architectural or code changes.
Related OSS Projects - Peter Rowe, Flexera SoftwareOpenStack
Audience Level
Intermediate
Synopsis
Today’s fast-paced development environment has changed the compliance landscape. Many software projects consist of more than 50% Open Source Software (OSS) components, but as much as 99% are undocumented, increasing the complexities of managing your company’s software compliance process.
Of particular concern is “Zombie software”, or software that is outdated and contains vulnerable versions of certain components. Zombies can live in your code forever if you’re not aware of them. The acceleration of modern development lifecycles and the breakdown of an undocumented software supply chain have opened up new pathways for zombies to enter your software – leaving you exposed to security threats.
This presentation discusses best practices for implementing an Open Source Software management strategy that covers common pitfalls and commercial licence issues as well as the optimal way to track and eliminate the risks associated with Zombies!
Speaker Bio:
Involved in and around IT development for over 20 years, starting as a web developer using NotePad in 1995 when the most exciting thing online was Sun’s animated Java coffee cup, through Numega Pre-Sales selling BoundsChecker and now into the brave, new World of Open Source and software composition analysis.
How to keep developers happy and lawyers calm (Presented at ESC Boston)Rogue Wave Software
On the path to innovation, development teams fear nothing but try to avoid three things: Re-work, lawyers, and, missing deadlines. In this talk, Rod Cope will discuss what to do when software is not license compliant, to help avoid lawyers getting involved, disrupting schedules and potential architectural or code changes.
The initial step in helping make sure teams are in compliance with open source licenses is education.
The goal is to provide concrete steps towards development teams adopting a vested interest in paying attention to what open source they download and how it's used.
Are open source and embedded software development on a collision course?Rogue Wave Software
Presented at Embedded Systems Conference (ESC) Minneapolis 2018, this session discusses the most effective uses of open source software; how to maintain MISRA, CWE, OWASP, and other standards compliance across all code sources; how to avoid license risk; and reduce critical safety and security issues.
Two of the most important topics on everyone’s mind when developing PHP applications are performance and security.
Rogue Wave Software and RIPS Technologies are teaming up to show you how you can utilize our solutions to help make your PHP applications safe and fast. We will use a typical Magento implementation as an example to speak about finding and eliminating bottlenecks and debugging your code. We will also demonstrate how you can detect security vulnerabilities using cutting edge static code analysis.
Identifying and managing the risks of open source software for PHP developers - Rogue Wave Software
Do you really need to worry about using open source software in developing commercial applications? This presentation looks at the key risk areas, how to identify and quantify the risk, and what steps if any are needed to deal with the risks.
Black Duck and Tech Contracts Academy discussed the implications of open source software in tech contracts. The topic of open source has been at the forefront of the technology industry for many years, but as the use of open source in commercial applications explodes, so do concerns about addressing license and ownership issues in contract negotiations.
David Tollen is the founder of Tech Contracts Academy (www.TechContracts.com) and of Sycamore Legal P.C., in San Francisco. He’s the author of The Tech Contracts Handbook: Cloud Computing Agreements, Software Licenses, and Other IT Contracts for Lawyers and Businesspeople. He will dive into these topics from the perspective of both buyers and sellers and aims to educate on Intellectual Property (IP) protection and other terms and how they should work during contract negotiations.
When something goes wrong in your software, you fix it. When something is wrong in an OSS package you’re beholden to community fixes and web search - neither cares about your needs or your timeline.
In this webinar, our director of product management and OSS expert, Richard Sherrard, examines: how to know exactly what packages are used in your company; specific technical, security, and licensing hurdles that many organizations face; and what “free” actually means when it comes to OSS.
OSS has taken over the enterprise: The top five OSS trends of 2015 - Rogue Wave Software
It’s everywhere. From your phone to the enterprise, open source software (OSS) is running far and wide. Gartner predicts that by 2016, 99 percent of Global 2000 enterprises will use open source in mission-critical software. While it’s free, easy to find, and pushes software to the market faster, it’s vital to understand how to use OSS safely.
Join Richard Sherrard, director of product management at Rogue Wave, for a live webinar reviewing the top five OSS trends of 2015. From OSS discovery, to risk, and governance, we’ll take a deep dive into the trends we’ve noticed this year while providing you with some predictions for 2016.
In this webinar you’ll learn how to:
-Discover the OSS in your codebase to ensure that code is free of bugs, security vulnerabilities, and license conflicts
-Implement controls on OSS usage at your organization
-Create a multi-tier approach to OSS risk reduction with open source tools, static code analysis and dynamic analysis
Watch the webinar recording now: https://www.brighttalk.com/webcast/12285/164531
Whether you’re considering migrating to PHP 7 or are already there, you need to know the specifics of how to keep your application running smoothly, efficiently, and with minimum downtime. Take these techniques proven by our customers to make your PHP 7 application shine.
Strategies for Commercial Software Developers Using Open Source Code in Propr... - Mary Lou Wakimura
Commercial software developers are often drawn to open source code to help deliver a low cost and flexible product that can quickly be brought to market. While there are benefits, there are also risks and pitfalls. With the growth and influence of free software licensing, some have been asserting General Public License (GPL) violations in litigation to attempt to gain an advantage. Please join us as we explore these issues and discuss strategies to protect your product from litigation and to evaluate whether your new product will be strengthened or weakened by the integration of open source software, and in particular the GPL.
Gain insight into:
- Reach of the influential free software license GPL;
- Emerging risk of copyright trolls in open source;
- Risk of Free Software Foundation sponsored litigation in response to GPL violations;
- Contours of what constitutes a derivative work employing Linux code in the context of the GPL; and
- Lessons learned from the Hellwig vs. VMware case.
Implementing and Managing an Open Source Compliance Program: A Crash Course - FINOS
Ibrahim Haddad, Samsung Research America: Implementing and Managing an Open Source Compliance Program: A Crash Course.
The past decade has witnessed an unprecedented adoption of open source software by enterprises for the various advantages it offers. This massive adoption of open source software came with legal and compliance responsibilities. Enterprises and development organizations have since then started establishing policies around open source usage (and contribution), and implementing engineering development processes to ensure that software products that deploy are in compliance. This presentation provides a guide to doing compliance the right way (one of many) with an overview on setting up an open source compliance program and institutionalizing best practices.
Course Outline (subject to change based on time allocation)
• Overview of open source compliance
• Failure to comply
• Lessons learned from non compliance cases
• Overview of the compliance program
• Compliance challenges and solutions
• Achieving compliance: roles and responsibilities
• Sample compliance process
• Tools and automation
• Responding to compliance inquiries
Audience
Anyone involved in bringing software into the organization and anyone involved in developing and distributing products or interfacing with customers, including
• Corporate Management
• Engineering
• Product Management, Project Management, and Process Management
• Testing, Quality Assurance, Configuration Management and Logistics
• Law Department
• Purchasing / Supply Chain
How enterprises learned to stop worrying and love open source - Rogue Wave Software
There's an obvious competitive edge to using OSS and it's at the core of your enterprise, but do you know the key lessons learned from the history of open source risks? Learn:
The history of the OSS revolution; The impacts of package, language, and skills growth; Lessons learned for security, technical, and licensing risks.
This presentation gives you the evidence as to why unit testing works and a process for how to bring it to your team as soon as possible. There's a reason why the growth of unit testing, and automated unit testing in particular, has exploded over the past few years. It not only improves your code, it's faster than releasing code without tests. You'll learn: What, exactly, is a unit test?; The 7 reasons why managers love unit testing; and how to change mindset and processes to start unit testing now.
We’ve all seen the examples of how Netflix and others have transformed their entire business on the back of publishing APIs. You may not be Netflix, but there’s no sign the API economy is slowing down. APIs are everywhere, from social and mobile apps to IoT, big data, and microservices. They’re driving your business and helping you expand into new markets, modernize legacy business applications, and integrate diverse and interdependent systems and data. So how do you leverage APIs to be an efficient way to generate new business value and innovate with minimal risk?
Building Reliability - The Realities of Observability - All Things Open
Presented at the ATO RTP Meetup
Presented by Jeremy Proffit, Director of DevSecOps & SRE for Customer Care and Communications, Ally
Title: Building Reliability - The Realities of Observability
Abstract: Join me as we discuss true observability, learn what works and what doesn't. We'll not only discuss dashboards, monitoring and alerting, but how these can be built by automation or included in your IAC modules. We'll talk about how to properly alert staff based on priority to keep your staff and yourself sane. And even discuss architecture and how it impacts reliability and why serverless isn't always the best at being reliable.
Presented at the ATO RTP Meetup
Presented by Peter Zaitsev, Founder of Percona
Title: Modern Database Best Practices
Abstract: There are now more Database choices available for developers than ever before - there are general purpose databases and specialized databases, single node and distributed databases, Open Source, Proprietary databases and databases available exclusively in the cloud. In this presentation we will cover the best practices of choosing database(s) for your applications, best practices as it comes to application development as well as managing those databases to achieve best possible performance, security, availability at the lowest cost.
All Things Open 2023
Presented at All Things Open 2023
Presented by Deb Bryant - Open Source Initiative, Patrick Masson - Apereo Foundation, Stephen Jacobs - Rochester Institute of Technology, Ruth Suehle - SAS, & Greg Wallace - FreeBSD Foundation
Title: Open Source and Public Policy
Abstract: New regulations in the software industry and adjacent areas such as AI, open science, open data, and open education are on the rise around the world. Cyber Security, societal impact of AI, data and privacy are paramount issues for legislators globally. At the same time, the COVID-19 pandemic drove collaborative development to unprecedented levels and took Open Source software, open research, open content and data from mainstream to main stage, creating tension between public benefit and citizen safety and security as legislators struggle to find a balance between open collaboration and protecting citizens.
Historically, the open source software community and foundations supporting its work have not engaged in policy discussions. Moving forward, thoughtful development of these important public policies whilst not harming our complex ecosystems requires an understanding of how our ecosystem operates. Ensuring stakeholders without historic benefit of representation in those discussions becomes paramount to that end.
Please join our open discussion with open policy stakeholders working constructively on current open policy topics. Our panelists will provide a view into how OSS foundations and other open domain allies are now rising to this new challenge as well as seizing the opportunity to influence positive changes to the public’s benefit.
Topics: Public Policy, Open Science, Open Education, current legislation in the US and EU, US interest in OSS sustainability, intro to the Open Policy Alliance
Find more info about All Things Open:
On the web: https://www.allthingsopen.org/
Twitter: https://twitter.com/AllThingsOpen
LinkedIn: https://www.linkedin.com/company/all-things-open/
Instagram: https://www.instagram.com/allthingsopen/
Facebook: https://www.facebook.com/AllThingsOpen
Mastodon: https://mastodon.social/@allthingsopen
Threads: https://www.threads.net/@allthingsopen
2023 conference: https://2023.allthingsopen.org/
Weaving Microservices into a Unified GraphQL Schema with graph-quilt - Ashpak... - All Things Open
Presented at All Things Open 2023
Presented by Ashpak Shaikh & Lucy Shen - Intuit
Title: Weaving Microservices into a Unified GraphQL Schema with graph-quilt
Abstract: The magic of GraphQL is that it provides data access through a single endpoint—clean and easy. But as the number of GraphQL microservices your tech stack depends on starts to grow, that single-endpoint purpose becomes a new multi-endpoint problem. Ideally, we would have an orchestrator that could aggregate schemas from multiple microservices into a unified GraphQL schema and route the requests to the appropriate microservice.
Enter graph-quilt, an open source Java library that provides recursive schema stitching and Apollo Federation style schema composition. In this talk, we’ll walk through our GraphQL journey and show you how to use graph-quilt to simplify your data orchestration needs. We will also share our open sourced reference implementation of a highly performant graph-quilt gateway currently being used in production here at Intuit, where we’ve had incredible success in scaling the gateway with 50+ microservices and 150+ clients.
The State of Passwordless Auth on the Web - Phil Nash - All Things Open
Presented at All Things Open 2023
Presented by Phil Nash - Sonar
Title: The State of Passwordless Auth on the Web
Abstract: Can we get rid of passwords yet? They make for a poor user experience and users are notoriously bad with them. The advent of WebAuthn has brought a passwordless world closer, but where do we really stand?
In this talk we'll explore the current user experience of WebAuthn and the requirements a user has to fulfil to authenticate without a password. We'll also explore the fallbacks and safeguards we can use to make the password experience better and more secure. By the end of the session you'll have a vision of how authentication could look in the future and a blueprint for how to build the best auth experience today.
Total ReDoS: The dangers of regex in JavaScript - All Things Open
Presented at All Things Open 2023
Presented by Phil Nash - Sonar
Title: Total ReDoS: The dangers of regex in JavaScript
Abstract: Regular expressions are complicated and can be hard to learn. On top of that, they can also be a security risk; writing the wrong pattern can open your application up to denial of service attacks. One token out of place and you invite in the dreaded ReDoS.
But how can a regular expression cause this? In this talk we’ll track down the patterns that can cause this trouble, explain why they are an issue and propose ways to fix them now and avoid them in the future. Together we’ll demystify these powerful search patterns and keep your application safe from expressions that behave in a way that is anything but regular.
What Does Real World Mass Adoption of Decentralized Tech Look Like? - All Things Open
Presented at All Things Open 2023
Presented by Karl Mozurkewich - Storj
Title: What Does Real World Mass Adoption of Decentralized Tech Look Like?
Abstract: We delve into the transformative potential of decentralized technology. Beginning with a brief overview of the rise of centralization with the advent of the internet and the counter-shift marked by blockchain we explore the intrinsic characteristics of decentralized and distributed systems, such as trustless operations, peer-to-peer networks, and enterprise application scalability. Various sectors, including finance, supply chains, media and entertainment, data science and cloud infrastructure are on the brink of disruption. The societal implications are vast, with the potential for greater individual empowerment, a greener planet and more viable resource utilization, but concerns about data security persist.
Presented at All Things Open 2023
Presented by Anastasia Lalamentik - Kaleido
Title: How to Write & Deploy a Smart Contract
Abstract: In this talk, Anastasia Lalamentik, Full Stack Engineer at Kaleido, will walk through how Ethereum smart contracts work and go over related concepts like gas fees, the Ethereum Virtual Machine (EVM), the block explorer, and the Solidity programming language. This is vital to anyone who wants to build a blockchain app and is a great introduction to blockchain technology for newcomers to the space.
By the end of the talk, attendees will better understand how to:
- Write a simple smart contract
- Deploy their smart contract to an Ethereum test network through the latest tools like Hardhat and the MetaMask wallet
- Test interactions with their deployed smart contract and ensure that everything is working properly
Additionally, participants will get to interact with Anastasia's deployed smart contract at the end of the talk. Anastasia’s past talks have attracted and have been attended by a diverse group of participants with a range of experience in the space.
Spinning Your Drones with Cadence Workflows, Apache Kafka and TensorFlow - All Things Open
Presented at All Things Open 2023
Presented by Paul Brebner - Instaclustr (by Spot by NetApp)
Title: Spinning Your Drones with Cadence Workflows, Apache Kafka and TensorFlow
Abstract: In this talk we’ll build a Drone delivery application, and then use it to do some Machine Learning “on the fly”.
In the 1st part of the talk, we'll build a real-time Drone Delivery demonstration application using a combination of two open-source technologies: Uber’s Cadence (for stateful, scheduled, long-running workflows), and Apache Kafka (for fast streaming data).
With up to 2,000 (simulated) drones and deliveries in progress at once this application generates a vast flow of spatio-temporal data.
In the 2nd part of the talk, we'll use this platform to explore Machine Learning (ML) over streaming and drifting Kafka data with TensorFlow to try and predict which shops will be busy in advance.
Presented at the All Things Open 2023 Inclusion and Diversity in Open Source Event
Presented by Efraim Marquez-Arreaza - Red Hat
Title: DEI Challenges and Success
Abstract: In today's world, many companies and organizations have Diversity, Equity and Inclusion (DEI) communities. Red Hat Unidos is a DEI community focused on advocating for the Hispanic/Latine community. In this talk, we would like to share our challenges and success during the past 4 years and plans for the future.
Presented at All Things Open 2023
Presented by Lydia Cupery - HubSpot
Title: Scaling Web Applications with Background Jobs: Takeaways from Generating a Huge PDF
Abstract: Do you need to perform time-consuming or CPU-intensive processes in your web application but are concerned about performance? That’s where background jobs come in. By offloading resource-intensive tasks to separate worker processes, you can improve the scalability of your web application.
In this talk, I'll share my experience of using background jobs to scale our web application. I'll discuss the challenges my team faced that led us to adopt background jobs. Then, I'll share practical tips on how to design background jobs for CPU-intensive or time-consuming processes, such as generating huge PDFs and batch emailing. I'll wrap up by going over the performance and cost tradeoffs of background jobs.
I'll use Typescript, Express, and Heroku as examples in this talk, but the concepts and best practices that I'll share are applicable to other languages and tools.
Presented at All Things Open 2023
Presented by Robert Aboukhalil - CZI
Title: Supercharging tutorials with WebAssembly
Abstract: sandbox.bio is a free platform that features interactive command-line tutorials for bioinformatics. This talk is a deep-dive into how sandbox.bio was built, with a focus on how WebAssembly enabled bringing command-line tools like awk and grep to the web. Although these tools were originally written in C/C++, they all run directly in the browser, thanks to WebAssembly! And since the computations run on each user's computer, this makes the application highly scalable and cost-effective.
Along the way, I'll discuss how WebAssembly works and how to get started using it in your own applications. The talk will also cover more advanced WebAssembly features such as threads and SIMD, and will end with a discussion of WebAssembly's benefits and pitfalls (it's a powerful technology, but it's not always the right tool!).
Presented at All Things Open 2023
Presented by K.S. Bhaskar - YottaDB LLC
Title: Using SQL to Find Needles in Haystacks
Abstract: Database journal files capture every update to a database. A database of a few hundred GB can generate GBs worth of journal files every minute at busy times. Troubleshooting and forensics, especially of rare and intermittent problems, such as which process made what update and when, is an exercise of finding needles in haystacks. A similar problem exists with syslogs. A solution is to load the journal files and syslogs into a database, and use SQL to query the database. Bhaskar will present and demonstrate this with a 100% FOSS stack.
Configuration Security as a Game of Pursuit Intercept - All Things Open
Presented at All Things Open 2023
Presented by Wes Widner - Automox
Title: Configuration Security as a Game of Pursuit Intercept
Abstract: In this session we will take a look at the emerging field of cloud security posture management and how we can approach the problem space using a class of board games known as pursuit/intercept. Using the game Scotland Yard as a visual illustration we'll explore the cognitive and technical limitations that all CSPM systems face and what you should look for when evaluating the strengths and weaknesses of CSPM vendors and approaches.
Presented at All Things Open 2023
Presented by Carol Huang & Mike Fix - Stripe
Title: Scaling an Open Source Sponsorship Program
Abstract: We already know this: the open-source ecosystem needs further monetary investment from the companies that benefit most from it. Likewise, companies say they want to participate in these initiatives, but find it hard to dedicate resources to open source funding when there isn’t a clear ROI.
This talk discusses how the Open Source Program Office at Stripe built a scalable, sustainable open source sponsorship model that aligns internal company incentives with those of open source maintainers and the community at large. We go over the unique “platformization” of our OSPO that allowed us to create multiple funding models, such as BYOB (Bring Your Own Budget), and share lessons learned from this experience as well as other OSPOs.
Build Developer Experience Teams for Open Source - All Things Open
Presented at All Things Open 2023
Presented by Arundeep Nagaraj - Amazon Web Services (AWS)
Title: Build Developer Experience Teams for Open Source
Abstract: Open Source has become the default strategy for many IT organizations and Enterprises. However, the constant challenge with Open Source leaders of these organizations has been -
How is my product's developer experience?
Is this the right metric to track?
How can I scale my team to support our products better?
How can I add automation to scale redundant workflows?
If my product involves working with developers, how can I scale to the complexity of the requests and reduce Engineering bandwidth?
The challenges within support of open source products continue to magnify depending on the end user persona, whether they are consumers or contributors to your product. Consumers utilize your product, SDKs and APIs and are blocked from using it or run into issues, whereas contributors are advanced users of your software who understand the codebase to provide a meaningful contribution back to the product.
The answer to the above is to look at Open Source support as a first-class citizen of your corporate support strategy. To employ the right level of developer focused support as opposed to traditional infrastructure based support is key to scale to the amount of developers using your product. Supporting customers in the open involves more than pure support - building customer / developer experiences (DX) in the open (across platforms and communities) that pivots over the ability of your product's users or developers to be focused on the end-to-end value add. This helps with your active developer growth and retention of users.
Key Takeaways:
- IT leaders of Open Source will learn to employ strategies to build a DX team that engages on multiple platforms
- Work on identifying accurate metrics for product and organization
- Innovate on platforms such as Discord to build a bot and a dashboard
- Ability to leverage customer feedback and iterate over the customer success flywheel
- Distinguish between DX and Developer Advocacy (DA)
Presented at All Things Open 2023
Presented by Danny McCormick - Google
Title: Deploying Models at Scale with Apache Beam
Abstract: Apache Beam is an open source tool for building distributed scalable data pipelines. This talk will explore how Beam can be used to perform common machine learning tasks, with a heavy focus on running inference at scale. The talk will include a demo component showing how Beam can be used to deploy and update models efficiently on both CPUs and GPUs for inference workloads.
An attendee can expect to leave this talk with a high level understanding of Beam, the challenges of deploying models at scale, and the ability to use Beam to easily parallelize their inference workloads.
Sudo – Giving access while staying in control - All Things Open
Presented at All Things Open 2023
Presented by Peter Czanik - One Identity
Title: Sudo – Giving access while staying in control
Abstract: Sudo is used by millions to control and log administrator access to systems, but using the default configuration only, there are plenty of blind spots. Using the latest features in sudo lets you watch some previous blind spots and control access to them. Here are four major new features, which have arrived since the 1.9.0 release, allowing you to see your blind spots:
- configuring a working directory or chroot within sudo often makes full shell access redundant
- JSON-formatted logs give you more details on events and are easier to act on
- relays in sudo_logsrvd make session recording collection more secure and reliable
- you can log and control sub-commands executed by the command run through sudo
Let us take a closer look at each of these.
Previously, there were quite a few situations where you had to give users full shell access through sudo. Typical examples include when you need to run a command from a given directory, or running commands in a chroot environment. You can now configure the working directory or the chroot directory and give access only to the command the user really needs.
Logging is a central role of sudo, to see who did what on the system. Using JSON-formatted log messages gives you even more information about events. What is even more: structured logs are easier to act on. Setting up alerting for suspicious events is much easier when you have a single parser to configure for any kind of sudo logs. You can collect sudo logs not only by local syslog, but also by using sudo_logsrvd, the same application used to collect session recordings.
Speaking of session recordings: instead of using a single central server, you can now have multiple levels of sudo_logsrvd relays between the client and the final destination. This allows session collection even if the central server is unavailable, providing you with additional security. It also makes your network configuration simpler.
Finally, you can log sub-commands executed from the command started through sudo. You can see commands started from a shell. No more unnoticed shell access from text editors. Best of all: you can also intercept sub-commands.
These are just a few of the most prominent features helping you to watch and control previous blind spots on your systems. See these and other possibilities in action in some live demos during our presentation.
Fortifying the Future: Tackling Security Challenges in AI/ML Applications - All Things Open
Presented at All Things Open 2023
Presented by Christine Abernathy - F5, Inc.
Title: Fortifying the Future: Tackling Security Challenges in AI/ML Applications
Abstract: As Artificial Intelligence (AI) and Machine Learning (ML) applications continue to surge, it is crucial to be aware of and address the security risks associated with these technologies. In this talk, Christine will explore AI/ML failure modes, threats, and mitigation strategies. She will guide you through the fundamentals of ML models then introduce you to key security challenges such as adversarial attacks, data poisoning, model inversion, model stealing, and membership inference attacks, using real-world examples to demonstrate their potential impact.
Christine will also discuss privacy and ethical considerations in ML, touching upon techniques like federated learning and shedding light on the current regulatory landscape surrounding security risks. If you are developing AI/ML applications or incorporating AI/ML components into your technology stack, check out this talk. You will walk away with a deeper understanding of the current AI/ML security landscape and a toolkit to help you address these risks, enabling you to build safer, more secure, and privacy-aware applications.
Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov... - All Things Open
Presented at All Things Open 2023
Presented by Carlos Santana - AWS
Title: Securing Cloud Resources Deployed with Control Planes on Kubernetes using Governance and Policy as Code
Abstract: Are you concerned about the security of your cloud resources deployed on Kubernetes? Are you struggling to ensure compliance with regulatory requirements while managing your cloud infrastructure? If yes, then this talk is for you!
We will discuss how to secure cloud resources deployed with Crossplane on Kubernetes using Governance and Policy as Code. We will explore how to leverage Governance and Policy as Code tools like Rego, Kyverno, and OPA to ensure security and compliance.
By the end of this talk, you will have a better understanding of the challenges associated with securing cloud resources deployed with Crossplane or ACK on Kubernetes, the importance of Governance and Policy as Code in ensuring security and compliance, and why it is critical to use open source and open standards in these technologies.
UiPath Test Automation using UiPath Test Suite series, part 5 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with DevOps.
Topics covered:
CI/CD within UiPath
End-to-end overview of CI/CD pipeline with Azure DevOps
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf - Peter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Epistemic Interaction - tuning interfaces to provide information for AI support - Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Communications Mining Series - Zero to Hero - Session 1 - DianaGray10
This session provides an introduction to UiPath Communication Mining, its importance, and a platform overview. You will acquire a good understanding of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Generative AI Deep Dive: Advancing from Proof of Concept to Production - Aggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor... - Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
GraphRAG is All You need? LLM & Knowledge Graph - Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... - DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... - SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf - 91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
DevOps and Testing slides at DASA Connect - Kari Kakkonen
My and Rik Marselis's slides from the 30.5.2024 DASA Connect conference. We discuss what testing is, then what agile testing is, and finally what Testing in DevOps is. Finally, we had a lovely workshop with the participants, trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Primary difference between OSS and commercial software in an enterprise: no procurement department.
We are not lawyers. This presentation provides legal information, which should not be confused with legal advice.
Without this knowledge you can fall for these myths, but through this class you can get the knowledge that can help you understand them.
You have to realize that the only free part of OSS is the license, so it's very important to understand the other factors associated with using OSS. There are obligations that you have to comply with: not all open source software is in the public domain, and it is protected by copyright law, which allows the copyright holder to take legal action against you in case you are not in compliance.
The very reason open source software is free and open makes it prone to security flaws; hence regular updates and maintenance are necessary, along with a plan B for support in case you don’t get a timely response from the community.
Most of the time people think of legal risk when they think about using OSS. It is very important to understand the legal risk, but it is equally important to understand security risks and support challenges.
Non-compliance with licenses and copyright notices can result in loss of the right to use the software, lawsuits and litigation, and loss of patent rights.
OSS with a security flaw can open up your proprietary code to security vulnerabilities, putting your entire source code at risk of attack and hence affecting the quality of the software.
OSS is free to use, and various open source software projects have a robust community behind them to provide support, but the support is not guaranteed. If you run into a situation where you have trouble in the middle of the night with a part of your source code that uses OSS, and you do not know how to fix it, it can shut down your system and severely affect your productivity.
Managing risk – learning about and understanding the risk is part of why we are doing this training.
When you begin to learn the risk, you become a stakeholder. You are no longer ignorant of the problems that can arise from using OSS. As a good corporate citizen, it allows you to take ownership of the problems. With this knowledge you can now understand the process and manage the risk and cost of ownership of using open source software.
So it goes like this – you get knowledge that helps you take informed actions, like compliance and tracking, which in return help you manage cost in terms of training, maintenance and support.
Moral: Who does that?
OSS license compliance
Standard steps to comply with most OSS licenses
Licenses and license terms to look out for
When to get help from your legal staff
Managing and monitoring OSS
When to report usage
What to look for
Security concerns
After going through the risks and challenges of using OSS, it is very important to note that the benefits of OSS far outweigh the risks. Don’t forget the benefits: quick conversion time, which shifts the developers' time to more important core issues; it is free and readily accessible; and there is a robust community out there to help you.