Kurzer Abriss zum Event und unserer Beteiligung:
Im Rahmen der OOP 2022 wurden am 2. Februar 2022 Vorträge aus der Lounge der intersoft AG von Johannes Mainusch (kommitment GmbH & Co. KG, Hamburg) moderiert. Der Vortrag von Erik Dörnenburg sollte aus gegebenen Anlass ebenfalls aus unseren Räumlichkeiten gefilmt werden. Doch leider hat Covid-19 uns und auch Erik Dörnenburg die Umsetzung unseres Plans ein wenig erschwert. Im Video erfahrt Ihr mehr. Außerdem könnt Ihr hier den gesamten Vortrag von Erik Dörnenburg zum Thema "DevSecOps - A Practitioner's View" sehen. Viel Spaß!
Titel
DevSecOps - A Practitioner's View
Abstract
How do you do DevSecOps in practice? What are relevant tools and practices? Based on his work as a consultant and as a member of the advisory board that publishes the Thoughtworks Technology Radar Erik will give an overview of tools and practices that have proven themselves in real-world use. And because security is now relevant at each step of the process, the scope of the talk is broad. It includes architecture, the software supply chain, fitness functions and how to implement them in a build pipeline, as well as runtime monitoring.
Extended Abstract
Closer collaboration between developers and operations people brought businesses many benefits. It is also fair to say, though, that it created new headaches. Some practices, especially continuous deployments, forced us to rethink the traditional security sandwich, with conceptual work up-front and a pen test at the end. It was easy to sneak a “Sec” into DevOps, it was reasonably obvious to call for security to be “shifted-left”, but in practice this raised even more questions.
Based on his experience working as a consultant Erik will address these quesions. He will discuss practices like container security scanning, binary attestation, and chaos engineering, alongside examples of concrete tooling supporting these practices. In addition Erik will show how the concept of fitness functions, which have become popular in evolutionary approaches architecture, can be applied in the security domain.
(Quelle OOP 2022)
0 Comments