Session 1: Patrick Debois – How Secure Is Your Build / Server?
Session 2: Natalia Djohari – Achieving DevOps – lessons learned from a past project
SESSION 1: HOW SECURE IS YOUR BUILD / SERVER?
Speaker: Patrick Debois
We have learned that we need to trust others, but as our parents used to say – don’t trust strangers. So we secure our production server more than ever. Yet, there is this no-man’s land: “the build server”. We think it’s time to take a closer look at some of the good practices around securing builds & artifacts to improve our day to day level of trust. Development has changed over the years, from doing everything yourself to a 3rd party package for every function. Operations has changed too, running your own servers is now considered an exception. To the cloud! We have learned that we need to trust others, but as our parents used to say – don’t trust strangers. So we secure our production server more than ever. Yet, in the middle sits this no-man’s land: “the CI server”. We think it’s time to take a closer look at some of the good practices around securing builds & artifacts to improve our day to day level of trust. With Marked Sherman statement “Development is now assembly” in mind, the talk will focus more on the package/artifact/repository aspect. Less on the app security inside the code itself or at the OS/Machine level. During this talk he will discuss in detail about:
How much of our work is based on gut feeling & trust using examples from metadata, binaries, and repositories
How to provide trust to others that build upon your software
How this ties into the concept of “reproducible builds” and “Software Bill of Material”
How this notion of trust applies to both people and technology Let’s take ownership of your trust, we are already responsible when things go wrong anyway.
SESSION 2: ACHIEVING DEVOPS – LESSONS LEARNED FROM A PAST PROJECT
Speaker: Natalia Djohari
In starting a project, there are plenty of things to consider from whether a solution is suitable or what the right tech stack should be. However, the one thing that is not often told is the developer experience and how it grows. Here are the lessons learned from a recent project to highlight the problem and challenges faced before eventually achieving a DevOps culture.