logo
Dates

Author


Conferences

Tags

Sort by:  

Authors: Matt Jarvis, Andrew Martin
2023-04-20

tldr - powered by Generative AI

The impact of AI on cybersecurity and DevOps is likely to be significant, but it raises questions about trust and the potential for automated adversaries. The security landscape will become more complex, and it will be imperative to rethink how we educate and train the next generation of developers and security practitioners.
  • AI-generated programming may make it easier for human programmers to create software, but it also raises concerns about job displacement and the potential for machines to provide us with the wrong answers
  • Automated attack simulation and deep fakes are growing threats, and AI tooling may be able to generate novel exploit code and wreak havoc on our systems
  • Automated remediation may be a potential foil to attackers, but it raises concerns about false negatives and the potential for production downtime
  • It is important to rethink how we educate and train the next generation of developers and security practitioners to meet the challenges of the evolving security landscape
Authors: Tiffany Jernigan
2022-10-24

tldr - powered by Generative AI

The presentation discusses the importance of security in DevOps and Kubernetes and provides tips on how to ensure secure software development and deployment.
  • Source code analysis tools such as OASP can help analyze source code and compiled versions of code to find security flaws
  • Validating the source of code, build system, and artifact pushers can ensure trusted software development and deployment
  • Vulnerability scanning with tools like Claire and Trivi can help identify known CVEs
  • Immutable dependencies and ephemeral builds can mitigate attacks on code dependencies and build infrastructures
  • Observability through metrics and logging can help audit user and privilege changes and security events
  • Source code analysis tools such as OASP can help analyze source code and compiled versions of code to find security flaws
Authors: Emily Fox, Brandon Lum, Andres Vega
2021-10-13

tldr - powered by Generative AI

Cloud native security is constantly evolving to keep up with the changes in software management and architecture. The Security TAG is a community of passionate volunteers who guide the community on appropriate security mechanisms, architectures, design patterns, and tooling.
  • Cloud native security is not new, but is under constant iteration and creation
  • The Security TAG considers, analyzes, and guides the community on appropriate security mechanisms, architectures, design patterns, and tooling
  • The Security TAG has undertaken several efforts with community impact such as the Supply Chain Security Paper, CNCF Project Security Reviews, Security Pals, and more
  • Cloud native security creates disposable layers of credential providing protection from certain scales of attacks
  • The Security TAG is changing the entire technology ecosystem