Tuesday, October 24 • 13:30 - 14:15
We Are All Equifax: The Data Behind DevSecOps

In March 2017, hackers took three days to identify and exploit a new vulnerability in Equifax’s web applications.  In the post-Equifax world, moving new business requirements (e.g., a non-vulnerable version of Struts2) into production in under three days might just be your new normal.

Join this session to better understand how DevSecOps teams are applying lessons from W. Edwards Deming (circa 1982), Malcolm Goldrath (circa 1984) and Gene Kim (circa 2013) to improve their ability to respond to new business requirements and cyber risks.  It starts with emphasizing the performance of the entire system and never passing known defects downstream.

To that end, DevOps teams are consuming billions of open source components and containerized applications to improve productivity at a massive scale. The good news: they are accelerating time to market. The bad news: many of the components and containers they are using are fraught with defects including critical security vulnerabilities.

This session aims to enlighten DevOps teams, security and development professionals by sharing results from the 2017 State of the Software Supply Chain Report -- a blend of public and proprietary data with expert research and analysis. Throughout the discussion, I will share lessons that Deming employed decades ago to help us accelerate adoption of the right DevSecOps culture, practices, and measures today.

Attendees in this session will learn:

  • What our analysis of 17,000 applications reveals about the quality and security of software built with open source components
  • How organizations like PayPal, Intuit, Fannie Mae and the Department of Defense are utilizing the DevOps principles of software supply chain automation
  • Why avoiding open source components and containers over 3 years old might be a really good idea
  • How to balance the need for speed with quality and security -- early in the development lifecycle

Attend this session and leverage the insights to understand how your organization's application DevOpsSec practices compare to others. We'll share the industry benchmarks to take back and discuss with your DevOps, development and security teams.


Speakers
Derek Weeks

VP, Sonatype
After flying to 40 countries and racing through a half-Ironman competition, Derek woke up one morning on the top of Kilimanjaro and saw the world in a new light. Soon after, Derek became a huge advocate of applying proven supply chain management principles into DevSecOps practice...


Tuesday October 24, 2017 13:30 - 14:15
Automated Security: USA/East Coast