@JFrog | jfrog.com/shownotes | #Meetup | #DevSecOps | @LeonStigter
Trusting Your Ingredients
What Building Software And Cheesecake Have In Common

A big thanks to our hosts of today

Shownotes: https://jfrog.com/shownotes
Slides, links, comments & ratings, raffle

Who am I?
• Developer Advocate
• Passionate about Serverless, Containers, and all things Cloud
• I love dad jokes, cheesecake and Go
Leon Stigter, Developer Advocate (@LeonStigter)

Let’s play a game! Which project is this…
• A giant cybersecurity breach compromised the personal information of as many as 143 million Americans
• An attacker could exploit “this” by using a malicious tar binary to write files to any path on the target machine whenever

There are 2 hard problems in computer science:
cache invalidation, naming things, and off-by-1 errors.
- Leon Bambrick

What is devops?

What is devsecops?

What is devsecops?
The philosophy of integrating security practices within the DevOps process. #SecurityFirst culture!
How? Introducing security earlier in the life cycle of application development.

The three P’s of devsecops
• Protocols, like zero-trust, to implement in your pipelines (what)
• Processes, dictating how to add security to DevOps
• Philosophy, of shared ownership and cooperation between the teams (why)
Source: https://www.infoq.com/articles/evolve-devops-devsecops/

Who cares about security anyway?
¯\_(ツ)_/¯

Well, let’s talk about numbers
Q1 2019
• More than 1900 incidents (up by 56.4%)
• Close to 2B records exposed (up by 28.9%)

Let’s make it slightly worse
Q1 2019
• 3 breaches with 100M+ records
• Business sector is targeted in 85.6%
• Hacks are 84.8% of breaches

My personal favorite
“14.7% of breached organizations were unwilling or unable to disclose the number of records exposed.”

Let’s welcome on stage our main characters
Making a cheesecake                  | Building an app
Ingredients                          | Libraries (Jars, Modules, Gems…)
Recipe                               | Source code
Kitchen stuff (whisk, bowl, spatula) | Dev tools (editor, cli tools, vcs)
Appliances (oven, fridge)            | Build tools (CI/CD server)
Fork                                 | Runtime

Let’s imagine you’re a chef
Will subpar ingredients get me the best cheesecake?

Let’s imagine you’re a chef
Where do the vendors I use get the ingredients from?

What matters for ingredients?
TRUST = End-to-End transparency + Traceability

Where do my ingredients come from?

Why do we care about traceability?
• Identify what’s in a package
• Identify who’s using it
• Identify where it’s stored

Docker makes things a little tricky
• Versions are tags, and are dynamic and mutable
• Latest is not always really latest
The slide shows one tag, my-image:5.0, with two different layer stacks behind it:
  my-image:5.0 → OS layer 1.0 / Framework layer 2.0 / Application layer 2.0
  my-image:5.0 → OS layer 1.1 / Framework layer 2.1 / Application layer 2.1

Docker makes things a little tricky
• It lets you pull code and dependencies into production systems
• It lets you update databases or call external services with POST data

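The two Docker slides above make one point: a tag such as my-image:5.0 is a mutable pointer, so two pulls of the same tag can yield two different images. The following is an added example, not code from the slides or from JFrog, that shows the difference between a tag and a content-addressed digest. The registry is a constructed in-memory stand-in (FakeRegistry), and the image-reference grammar is a simplified, hypothetical one (no host:port prefix); everything runs offline.

```python
import hashlib
import re

# Simplified image-reference grammar: name[:tag][@sha256:<64 hex>].
# Registry host:port prefixes are left out to keep the regex readable.
_REF = re.compile(
    r"^(?P<name>[a-z0-9._/-]+)"
    r"(?::(?P<tag>\w[\w.-]{0,127}))?"
    r"(?:@sha256:(?P<digest>[0-9a-f]{64}))?$"
)


def parse_ref(ref):
    """Split an image reference into name, tag and digest (tag defaults to 'latest')."""
    m = _REF.match(ref)
    if not m:
        raise ValueError(f"not a valid image reference: {ref!r}")
    parts = m.groupdict()
    if parts["tag"] is None:
        parts["tag"] = "latest"   # what a client uses when no tag is given
    return parts


def classify(ref):
    """'pinned' (immutable digest), 'latest' (floating), or 'mutable-tag'."""
    p = parse_ref(ref)
    if p["digest"]:
        return "pinned"
    return "latest" if p["tag"] == "latest" else "mutable-tag"


def audit(refs):
    """Return the references a deployment should not ship with: anything not digest-pinned."""
    return [r for r in refs if classify(r) != "pinned"]


class FakeRegistry:
    """Constructed in-memory registry: tags are a mutable pointer table,
    digests are the sha256 of the manifest bytes and therefore immutable."""

    def __init__(self):
        self.manifests = {}   # digest -> manifest bytes
        self.tags = {}        # (name, tag) -> digest

    def push(self, name, tag, manifest):
        digest = hashlib.sha256(manifest).hexdigest()
        self.manifests[digest] = manifest
        self.tags[(name, tag)] = digest   # a later push silently re-points the tag
        return digest

    def resolve(self, ref):
        """Return the manifest bytes a pull of `ref` would get right now."""
        p = parse_ref(ref)
        digest = p["digest"] or self.tags[(p["name"], p["tag"])]
        return self.manifests[digest]


def pin(registry, ref):
    """Freeze a tag reference into an immutable name@sha256:... reference."""
    p = parse_ref(ref)
    digest = p["digest"] or registry.tags[(p["name"], p["tag"])]
    return f"{p['name']}@sha256:{digest}"


if __name__ == "__main__":
    reg = FakeRegistry()
    reg.push("my-image", "5.0", b"os:1.0 framework:2.0 app:2.0")
    pinned = pin(reg, "my-image:5.0")
    reg.push("my-image", "5.0", b"os:1.1 framework:2.1 app:2.1")  # same tag, new content
    print(reg.resolve("my-image:5.0"))   # the tag now yields the 1.1/2.1/2.1 stack
    print(reg.resolve(pinned))           # the digest still yields 1.0/2.0/2.0
    print(audit(["my-image:5.0", pinned, "nginx"]))
```

The traceability win is the `pin` step: recording the digest at build time turns "which my-image:5.0 did we deploy?" into a question with exactly one answer, and `audit` is the kind of check a pipeline can run over a manifest before anything is promoted.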
Let’s do a quick poll (Question 1)
Who is using Open Source tech? Yes / No

Let’s do a quick poll (Question 2)
Do you have influence over which tools your company uses? Yes / No

If you said “yes” to question 2, you’re not alone…
71% of developers have some influence in software choices
Source: State of the Developer Nation, 15th edition

If you said “yes” to question 1, you’re definitely not alone…
• 98% of developers use Open Source tools at work
• 96% of commercial apps embed Open Source
• 79% of businesses use Open Source for key systems

Trust, but verify…
Do you trust your colleagues? I hope the answer is yes

Trust is built with consistency
Do you trust the rest of the world?

What matters for libraries? (the same as for ingredients)
TRUST = End-to-End transparency + Traceability

I think it is safe to say that…
Having trust in where your ingredients come from and who made them is important in both making cheesecake and software

Protecting your recipes

Open source licenses
35 licenses
• 13 require you to publish product sources
• 4 allow users to ask for sources on hosted software
Source: https://choosealicense.com/appendix/

Recipes in software
Source code
Developers programming in DevSecOps environments fix 11x faster than other developers

“Security is your friend! Seriously! Developers are the true sentries of product security, as not introducing accidental weaknesses in the first place is always much better than even the fastest hotfix process later on. DevSecOps practices that make developers into security champions”

So let’s look at some of that in action…
Yes, I’ll use JFrog software but it’s equally applicable to other software vendors & products too :)

Recipes in software: things to watch for
Common faults
• Input Validation
• Memory Corruption
• Numeric Errors
• Cryptographic Issues
But what about
• Hardcoded Passwords
• Missing Validation
• Backdoors
• Data Anomalies
@LeonStigter | Copyright © 2019 JFrog. All Rights Reserved

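Of the "things to watch for" listed above, hardcoded passwords are the one a pipeline can catch with a cheap check on every commit. The scanner below is an added example, not code from the slides or any JFrog product: it looks for string literals assigned to credential-looking names and ignores the usual placeholders (empty strings, `${VAR}` templates, `<fill-me-in>` markers), so that only real-looking secrets are reported. The source text it scans is constructed for the example, and the patterns are a hypothetical, deliberately small rule set.

```python
import re
from typing import List, Tuple

# Constructed sample source; the scanner never touches the file system.
SAMPLE_SOURCE = """\
db_host = "db.internal"
db_password = "Sup3rSecret!"
api_key = os.environ["API_KEY"]
token = ""
AWS_SECRET = '${AWS_SECRET}'
smtp_pass="hunter2"   # TODO remove before release
"""

# Variable names that usually hold credentials.
_SECRET_NAME = re.compile(r"(pass(word|wd)?|secret|token|api[_-]?key)", re.IGNORECASE)

# `name = "literal"` or `name: "literal"` with either quote style.
_LITERAL_ASSIGN = re.compile(
    r"""^\s*(?P<name>[A-Za-z_][\w.]*)\s*[:=]\s*(?P<q>['"])(?P<value>.*?)(?P=q)"""
)

# Values that are placeholders rather than secrets: empty, template
# references, angle-bracket markers, or the classic "changeme".
_PLACEHOLDER = re.compile(r"^\s*$|^\$\{.*\}$|^<.*>$|^(changeme|xxx+|todo)$", re.IGNORECASE)


def find_hardcoded_secrets(source: str) -> List[Tuple[int, str]]:
    """Return (line number, variable name) for every credential-looking
    name that is assigned a non-placeholder string literal."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        m = _LITERAL_ASSIGN.match(line)
        if m is None:
            continue                      # not a literal assignment (e.g. read from env)
        if not _SECRET_NAME.search(m["name"]):
            continue                      # name does not look like a credential
        if _PLACEHOLDER.match(m["value"]):
            continue                      # placeholder, not a real value
        findings.append((lineno, m["name"]))
    return findings


if __name__ == "__main__":
    for lineno, name in find_hardcoded_secrets(SAMPLE_SOURCE):
        print(f"line {lineno}: literal value assigned to credential-like name {name!r}")
```

A check like this belongs in the pre-commit or CI stage, not only in a periodic audit: the point of shifting left is that the secret never reaches version control in the first place. The rule set is intentionally narrow; a production scanner adds entropy checks and provider-specific token formats, but the structure (match the name, match a literal, exclude placeholders) is the same.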
Immutability and repeatability
• Immutable dependencies: the best way to guarantee issues is force push
• Lost dependencies: who doesn’t remember left-pad with Node.js?
• Internet issues: do you trust your suppliers enough?

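The three bullets above are three ways a build stops being repeatable: the artifact behind a version changes, the artifact disappears (left-pad), or the network to the supplier is down. The following added example, written for this page and not taken from the slides or from any JFrog product, shows the standard answer in miniature: a lockfile that pins name, version and sha256, a local mirror that is consulted before the upstream source, and a hash check on whatever is fetched. Both stores are constructed in-memory stand-ins (`ArtifactStore`), the artifact bytes and lockfile entries are constructed samples, and the whole thing runs offline. It also illustrates the earlier traceability bullets, since each resolved dependency reports where it was actually fetched from.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample artifacts; real ones would be the tarball/jar/gem bytes.
LEFT_PAD_130 = b"module.exports = function leftPad(str, len, ch) { /* ... */ }"
LODASH_4170 = b"/* lodash 4.17.0 (constructed sample) */"

# The lockfile pins what the build may use: name, exact version and the content
# hash the published artifact must match (think go.sum or package-lock.json).
LOCKFILE = {
    "left-pad": {"version": "1.3.0", "sha256": sha256_hex(LEFT_PAD_130)},
    "lodash": {"version": "4.17.0", "sha256": sha256_hex(LODASH_4170)},
}


class IntegrityError(Exception):
    """Artifact bytes do not match the hash recorded in the lockfile."""


class ArtifactStore:
    """Constructed stand-in for a package source: an upstream registry or a local mirror."""

    def __init__(self, name, blobs=None, online=True):
        self.name = name
        self.blobs = dict(blobs or {})   # (pkg, version) -> bytes
        self.online = online

    def fetch(self, pkg, version):
        if not self.online:
            raise ConnectionError(f"{self.name} unreachable")
        return self.blobs.get((pkg, version))   # None when the artifact was removed


def fetch_locked(pkg, entry, mirror, upstream):
    """Return (bytes, source name) for one locked dependency, mirror first,
    verifying the sha256 before the bytes are handed to the build."""
    version = entry["version"]
    data, source = mirror.fetch(pkg, version), mirror.name
    if data is None:
        source = upstream.name
        try:
            data = upstream.fetch(pkg, version)
        except ConnectionError:
            data = None                   # internet issue: treated like a missing artifact
    if data is None:
        raise LookupError(f"{pkg}@{version}: not in {mirror.name} and not available upstream")
    digest = sha256_hex(data)
    if digest != entry["sha256"]:
        raise IntegrityError(
            f"{pkg}@{version} from {source}: sha256 {digest[:12]}... != locked {entry['sha256'][:12]}..."
        )
    if source == upstream.name:
        mirror.blobs[(pkg, version)] = data   # cache the verified copy; next build needs no upstream
    return data, source


def resolve(lock, mirror, upstream):
    """Resolve every locked dependency; returns {pkg: source it was served from}."""
    return {pkg: fetch_locked(pkg, entry, mirror, upstream)[1] for pkg, entry in lock.items()}


if __name__ == "__main__":
    upstream = ArtifactStore("upstream", {
        ("left-pad", "1.3.0"): LEFT_PAD_130,
        ("lodash", "4.17.0"): LODASH_4170,
    })
    mirror = ArtifactStore("mirror")
    print(resolve(LOCKFILE, mirror, upstream))   # first build: everything from upstream
    upstream.online = False                       # supplier gone: left-pad unpublished, link down
    print(resolve(LOCKFILE, mirror, upstream))   # second build: everything from the mirror
```

The ordering matters: the mirror is checked first and only verified bytes are written into it, so the mirror can never become a cache of something the lockfile would have rejected. A tampered or re-published artifact fails the hash check (`IntegrityError`), a removed one fails the lookup (`LookupError`), and a network outage only hurts the first build that needs a given artifact.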
Where should we inject security?

Shifting left…
At the beginning of the process!
• Aims to embed security in every part of the application lifecycle – run time, build time and even development time.
• Means developing more secure applications faster, refusing to accept that the two (secure & fast) are mutually exclusive!

Build-time, runtime, and real-time security

Devsecops do’s
• Treat DevOps as code (automate your processes as much as possible)
• Standardize and automate your security and governance processes
• Get insights into your end-to-end process (visibility and transparency)

Devsecops don’ts
• Have developers write and maintain scripts for DevOps
• Think that all current tools and processes will magically work when moving to cloud or containers
• Believe that a single vendor has all tools you need
• Think that security is someone else’s problem
• Think that a firewall is more than adequate security

Recap
• Trusting your ingredients
• Trusting your suppliers
• Transparency in your process

Twitter, ads, and Q&A
• https://jfrog.com/shownotes
• @JFrog
• #DevSecOps / #DevOps
• @LeonStigter

Thank you!
Stay safe!
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
Aftab Hussain
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
Paco van Beckhoven
 
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket ManagementUtilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdfAutomated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
timtebeek1
 
Fundamentals of Programming and Language Processors
Fundamentals of Programming and Language ProcessorsFundamentals of Programming and Language Processors
Fundamentals of Programming and Language Processors
Rakesh Kumar R
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Łukasz Chruściel
 
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdfVitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke
 
Launch Your Streaming Platforms in Minutes
Launch Your Streaming Platforms in MinutesLaunch Your Streaming Platforms in Minutes
Launch Your Streaming Platforms in Minutes
Roshan Dwivedi
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
Neo4j
 
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
kalichargn70th171
 
What is Augmented Reality Image Tracking
What is Augmented Reality Image TrackingWhat is Augmented Reality Image Tracking
What is Augmented Reality Image Tracking
pavan998932
 
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
Łukasz Chruściel
 
Graspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code AnalysisGraspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code Analysis
Aftab Hussain
 
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI AppAI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
Google
 
Enterprise Resource Planning System in Telangana
Enterprise Resource Planning System in TelanganaEnterprise Resource Planning System in Telangana
Enterprise Resource Planning System in Telangana
NYGGS Automation Suite
 

Recently uploaded (20)

Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxTop Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
 
Empowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software  Development Company in Noida - DeugloEmpowering Growth with Best Software  Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - Deuglo
 
Using Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional SafetyUsing Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional Safety
 
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeA Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
 
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket ManagementUtilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdfAutomated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
 
Fundamentals of Programming and Language Processors
Fundamentals of Programming and Language ProcessorsFundamentals of Programming and Language Processors
Fundamentals of Programming and Language Processors
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
 
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdfVitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdf
 
Launch Your Streaming Platforms in Minutes
Launch Your Streaming Platforms in MinutesLaunch Your Streaming Platforms in Minutes
Launch Your Streaming Platforms in Minutes
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
 
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
 
What is Augmented Reality Image Tracking
What is Augmented Reality Image TrackingWhat is Augmented Reality Image Tracking
What is Augmented Reality Image Tracking
 
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
 
Graspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code AnalysisGraspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code Analysis
 
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI AppAI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
 
Enterprise Resource Planning System in Telangana
Enterprise Resource Planning System in TelanganaEnterprise Resource Planning System in Telangana
Enterprise Resource Planning System in Telangana
 

Trusting Your Ingredients - What Building Software And Cheesecake Have In Common

  • 1. @JFrog | jfrog.com/shownotes | #Meetup | #DevSecOps | @LeonStigter Trusting Your Ingredients: What Building Software And Cheesecake Have In Common
  • 2. A big thanks to our hosts of today
  • 3. Shownotes: https://jfrog.com/shownotes (slides, links, comments & ratings, raffle)
  • 4. Who am I? Leon Stigter, Developer Advocate (@LeonStigter) • Passionate about Serverless, Containers, and all things Cloud • I love dad jokes, cheesecake and Go
  • 5. Let’s play a game! Which project is this… • A giant cybersecurity breach compromised the personal information of as many as 143 million Americans • An attacker could exploit “this” by using a malicious tar binary to write files to any path on the target machine whenever
  • 6. There are 2 hard problems in computer science: cache invalidation, naming things, and off-by-1 errors. - Leon Bambrick
  • 7. What is devops?
  • 8. What is devsecops?
  • 9. What is devsecops? SECURITY: the philosophy of integrating security practices within the DevOps process. #SecurityFirst culture! How? Introducing security earlier in the life cycle of application development
  • 10. The three P’s of devsecops • Protocols, like zero-trust, to implement in your pipelines
  • 11. The three P’s of devsecops • Protocols, like zero-trust, to implement in your pipelines (what) • Processes, dictating how to add security to DevOps
  • 12. The three P’s of devsecops • Protocols, like zero-trust, to implement in your pipelines (what) • Processes, dictating how to add security to DevOps • Philosophy, of shared ownership and cooperation between the teams (why). Source: https://www.infoq.com/articles/evolve-devops-devsecops/
  • 13. Who cares about security anyway? ¯\_(ツ)_/¯
  • 14. Well, let’s talk about numbers. Q1 2019 • More than 1900 incidents (up by 56.4%) • Close to 2B records exposed (up by 28.9%)
  • 15. Let’s make it slightly worse. Q1 2019 • 3 breaches with 100M+ records • Business sector is targeted in 85.6% • Hacks are 84.8% of breaches
  • 16. My personal favorite: “14.7% of breached organizations were unwilling or unable to disclose the number of records exposed.”
  • 17. Let’s welcome on stage our main characters. Making a cheesecake / Building an app: Ingredients / Libraries (Jars, Modules, Gems…); Recipe / Source code; Kitchen stuff (whisk, bowl, spatula) / Dev tools (editor, cli tools, vcs); Appliances (oven, fridge) / Build tools (CI/CD server); Fork / Runtime
  • 18. Let’s imagine you’re a chef. Will subpar ingredients get me the best cheesecake?
  • 19. Let’s imagine you’re a chef. Where do the vendors I use get the ingredients from?
  • 20. What matters for ingredients? TRUST: end-to-end transparency, traceability
  • 21. Where do my ingredients come from?
  • 22. Why do we care about traceability? • Identify what’s in a package • Identify who’s using it • Identify where it’s stored
  • 23. Docker makes things a little tricky • Versions are tags, and are dynamic and mutable • Latest is not always really latest. Diagram: my-image:5.0 → OS layer 1.0 / Framework layer 2.0 / Application layer 2.0; my-image:5.0 → OS layer 1.1 / Framework layer 2.1 / Application layer 2.1
  • 24. Docker makes things a little tricky • It lets you pull code and dependencies into production systems • It lets you update databases or call external services with POST data
  • 25. Let’s do a quick poll (Question 1): Who is using Open Source tech? Yes / No
  • 26. Let’s do a quick poll (Question 2): Do you have influence over which tools your company uses? Yes / No
  • 27. If you said ”yes” to question 2, you’re not alone… 71% of developers have some influence in software choices. Source: State of the Developer Nation, 15th edition
  • 28. If you said ”yes” to question 1, you’re definitely not alone… • 98% of developers use Open Source tools at work • 96% of commercial apps embed Open Source • 79% of businesses use Open Source for key systems
  • 29. Do you trust your colleagues? I hope the answer is yes. Trust, but verify…
  • 30. Do you trust the rest of the world? Trust is built with consistency
  • 31. What matters for ingredients (read: libraries)? TRUST: end-to-end transparency, traceability
  • 32. I think it is safe to say that… Having trust in where your ingredients come from and who made them is important in both making cheesecake and software
  • 33. Protecting your recipes
  • 34. Open source licenses: 35 licenses • 13 require you to publish product sources • 4 allow users to ask for sources on hosted software. Source: https://choosealicense.com/appendix/
  • 35. Recipes in software: source code. Developers programming in DevSecOps environments fix 11x faster than other developers
  • 36. “Security is your friend! Seriously! Developers are the true sentries of product security, as not introducing accidental weaknesses in the first place is always much better than even the fastest hotfix process later on. DevSecOps practices that make developers into security champions”
  • 37. So let’s look at some of that in action… Yes, I’ll use JFrog software but it’s equally applicable to other software vendors & products too
  • 38. Recipes in software: things to watch for. Common faults • Input Validation • Memory Corruption • Numeric Errors • Cryptographic Issues. But what about • Hardcoded Passwords • Missing Validation • Backdoors • Data Anomalies. @LeonStigter | Copyright © 2019 JFrog. All Rights Reserved
  • 39. Immutability and repeatability • Immutable dependencies: the best way to guarantee issues is force push • Lost dependencies: who doesn’t remember left-pad with Node.js? • Internet issues: do you trust your suppliers enough?
  • 40. Where should we inject security?
  • 41. Shifting left… At the beginning of the process! • aims to embed security in every part of the application lifecycle – run time, build time and even development time. • means developing more secure applications faster, refusing to accept that the two (secure & fast) are mutually exclusive!
  • 42. Buildtime, Runtime, and real-time security
  • 43. Devsecops do’s • Treat DevOps as code (automate your processes as much as possible) • Standardize and automate your security and governance processes • Get insights into your end-to-end process (visibility and transparency)
  • 44. Devsecops don’ts • Have developers write and maintain scripts for DevOps • Think that all current tools and processes will magically work when moving to cloud or containers • Believe that a single vendor has all tools you need • Think that security is someone else’s problem • Think that a firewall is more than adequate security
  • 45. Recap • Trusting your ingredients • Trusting your suppliers • Transparency in your process
  • 46. Twitter, ads, and Q&A • https://jfrog.com/shownotes • @JFrog • #DevSecOps / #DevOps • @LeonStigter
  • 47. Thank you! Stay safe!
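Slide 23's point that a tag such as my-image:5.0 is a mutable pointer, and slide 39's call for immutable dependencies, translate into one concrete pipeline check: flag every container image reference that is identified by a tag instead of a content digest. This is an added example, not code from the talk or from JFrog; the Dockerfile and pod-spec fragments, and the all-zero digest, are constructed sample input.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

_DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")  # the only immutable form
_FROM_RE = re.compile(r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?", re.I)
_IMAGE_FIELD_RE = re.compile(r"^\s*(?:-\s*)?image:\s*[\"']?([^\"'\s]+)")


@dataclass
class ImageRef:
    registry: Optional[str]
    repository: str
    tag: Optional[str]
    digest: Optional[str]

    @property
    def pinned(self) -> bool:
        """Immutable only when a well-formed sha256 digest is present."""
        return self.digest is not None and bool(_DIGEST_RE.match(self.digest))


def parse_image_ref(ref: str) -> ImageRef:
    """Split [registry/]repository[:tag][@digest]; pure string work, no network."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    registry = None
    first, sep, rest = ref.partition("/")
    # Docker treats the first path component as a registry only if it looks like a host.
    if sep and ("." in first or ":" in first or first == "localhost"):
        registry, ref = first, rest
    name, _, last = ref.rpartition("/")
    tag = None
    if ":" in last:  # any colon left separates the tag, not a registry port
        last, tag = last.split(":", 1)
    return ImageRef(registry, f"{name}/{last}" if name else last, tag, digest)


def audit_image_refs(text: str) -> List[str]:
    """One finding per FROM line or image: field that a tag, not a digest, identifies."""
    findings, stages = [], {"scratch"}
    for line in text.splitlines():
        m = _FROM_RE.match(line)
        if m and m.group(2):
            stages.add(m.group(2).lower())  # build-stage names are not images
        m = m or _IMAGE_FIELD_RE.match(line)
        if not m or m.group(1).lower() in stages:
            continue
        ref = parse_image_ref(m.group(1))
        if ref.pinned:
            continue
        reason = ("floating 'latest' tag" if ref.tag in (None, "latest")
                  else f"mutable tag '{ref.tag}'")
        findings.append(f"{m.group(1)}: {reason}; pin as {ref.repository}@sha256:<digest>")
    return findings


# Constructed sample input: a Dockerfile fragment plus a pod-spec fragment.
# The all-zero digest is a placeholder, not a real image digest.
SAMPLE = """\
FROM golang:1.12 AS builder
FROM builder AS test
FROM gcr.io/distroless/static@sha256:{}
    containers:
      - image: my-image:5.0
      - image: localhost:5000/my-image
      - image: "nginx:latest"
""".format("0" * 64)
```

Running `audit_image_refs(SAMPLE)` reports the three tagged images and the implicit-latest one, and stays silent on the digest-pinned base image and the build-stage reference.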