Authors: Medya Ghazizadeh
2023-04-21

tldr - powered by Generative AI

Investments made in minikube to improve developer velocity and accessibility for non-English speakers
  • Investment in a translation framework for minikube to allow for easy addition of languages
  • Development of Triage Party to include users in the issue resolution process
  • Overhaul of the minikube website for better public usability
  • Investment in developer velocity through tools such as gopogh, slowjam, and time-to-k8s
  • Automated benchmarking of minikube PRs to track performance changes
  • Investment in machine-usable features such as JSON output and an event mechanism
  • Expansion of minikube usage to CI and GitHub Actions

Authors: Jim Manico, semgrep.dev
2022-11-18

tldr - powered by Generative AI

The presentation discusses the history and progress of information security testing and the role of OWASP in promoting application security.
  • The history of security testing dates back to the Polish researchers who built the first security testing tool to crack Enigma during World War II.
  • The first security testing device in modern history is the bombe.
  • The OWASP foundation is a non-profit international foundation dedicated to helping people and organizations make informed decisions about application security risk.
  • OWASP has released several free guides and tools to promote application security, including the OWASP Top 10 and the Application Security Verification Standard.
  • Cross-site scripting is a complicated vulnerability category that requires attention in application security.

Authors: Shane Lawrence
2022-10-27

tldr - powered by Generative AI

The presentation discusses the parallels between open source software and manufacturing, and how lessons learned by automakers in the last century can benefit software development today. It also highlights potential pitfalls made by industrialists that should be avoided.
  • Standardized builds following an exact predefined process have not been common in tech, but progress is being made with projects like in-toto and the Sigstore project
  • Standardized metrics and real-time monitoring can help identify problems sooner
  • Outsourcing can be a major problem for industries, and it's important to be flexible and take inventory often
  • It's important to keep up with the times, but some changes are not always good
  • Open source has the power to democratize vast opportunities presented by technology in the 21st century