Authors: Josh Berkus, Dawn Foster, Catherine Paganini, Nate Waddington, Dave Sudia
2023-04-20

Helping others pays off. The TAG Contributor Strategy's (TAG CS) mission is to help open source projects succeed. Whether establishing best practices and tips for projects to recruit contributors, govern themselves effectively to stay healthy, scale sustainably and transparently, or mentor others effectively, TAG CS members get something out of it too. Join this panel discussion to hear from TAG CS members what they've gotten out of giving, including how it's shaped their careers, advanced their skills, and grown their own community. And if you are a maintainer and like what you hear, you should join us too!
Authors: Savitha Raghunathan, Tabitha Sable, Mahé Tardy, Ala Dewberry
2023-04-19

tldr - powered by Generative AI

The conference presentation discusses various sub-projects under Kubernetes SIG Security, including self-assessment, tooling, and third-party security audit. The focus is on improving the security posture of Kubernetes and supporting developers in deploying applications securely.
  • Kubernetes SIG Security has several sub-projects aimed at improving the security of Kubernetes and supporting developers in deploying applications securely
  • The self-assessment sub-project aims to determine the security posture of workflows by answering two questions
  • The tooling sub-project focuses on building and improving the security of the project and creating a space for new contributors to share and learn
  • The third-party security audit sub-project facilitates regular expert audits by third-party auditing firms to improve the security of Kubernetes code and design
  • The recent audit report identified several medium and low-level findings, which have been addressed by the security response committee and the SIGs
  • The sub-projects are looking for new contributors and maintainers interested in improving Kubernetes security
Authors: Huamin Chen, Cara Delia
2023-04-19

tldr - powered by Generative AI

Open source collaboration can accelerate sustainable computing efforts to address the climate crisis. The use of community building and cross-collaboration can lead to policy development, research, and future investment in energy conservation and CO2 emissions reductions.
  • Open source collaboration can accelerate sustainable computing efforts to address the climate crisis
  • Community building can lead to policy development, research, and future investment in energy conservation and CO2 emissions reductions
  • Cross-collaboration with other climate-focused communities is important
  • Project Kepler works to export workload energy consumption across a wide range of computing platforms
  • Project Capital captures energy usage by a workload running on Kubernetes clusters and enables innovation in workload scheduling, tuning, and scaling
  • Project Capital is collaborative and has contributors from around the world
  • The project is donated to CNCF and waiting for sandbox approval
Authors: Warren Kopp
2022-11-18

Building an application security program is hard. Application Security teams struggle to grow, be effective, or get budget. Why? They’re missing the collaboration. You face resistance from developers, they don’t want to change their practices. You face resistance from testers, this isn’t in their test plans. You face resistance from leadership, SAST costs how much?! Overcoming this adversity depends on growing your communication and collaboration skills. It’s key to learn how to identify stakeholders for AppSec output. Who needs to know about your metrics? Why do they need to know that? Is it Marketing, to help sell your software, your posture, your commitment? Is it Compliance, to know about all the hard work that gets done building secure defaults? Is it Operations, so they know how to report new vulnerabilities? These are only a few examples of where in your company you might find new allies. At every level in an organization there are people who need to know about Application Security who aren’t currently even aware of the concept. And they need your help to get there. Attendees will learn about sharing their hard work with the right people across their organization. They will learn about how to find the right people for their message, and about building the right message for the audience. They will learn how to solicit feedback and build actionable plans and goals to address it. It is on the shoulders of Application Security Teams to reach out and build a community around their goals. This takes a lot of meetings, a lot of compromise, and quite often a lot of doing “non-security” work. But it builds a stronger team that breaks down existing silos. It builds a more effective organization that can adapt to changes in customers, markets, and technologies. Building a community around application security amplifies effort, but more importantly, strengthens the output.
After building your community you will learn about vulnerabilities sooner, address questions quicker, and support your customers better, all while delivering more secure software.
Authors: Savitha Raghunathan, Tabitha Sable, Ala Dewberry
2022-10-27

tldr - powered by Generative AI

The presentation discusses the importance of self-assessments in Kubernetes security and how it empowers autonomy. It also highlights the Cappy self-assessment and its positive outcome.
  • Self-assessments are important in determining the security posture of a workflow in a project and identifying areas for improvement
  • The Cappy self-assessment was successful and led to the creation of a sub-project in Kubernetes
  • Self-assessments empower autonomy by allowing teams to take ownership of their security posture and make improvements
  • Action items from the assessment should be captured and implemented to improve security
  • North Star goals for sub-projects should be established to guide the self-assessment process
Authors: Sam Stepanyan, Tom Brennan
2021-09-24

tldr - powered by Generative AI

The presentation discusses the importance of OWASP chapters in advancing tactical knowledge and understanding software security. It emphasizes the value of membership and consistent meetings in recruiting attendees and building a community.
  • OWASP chapters are important in advancing tactical knowledge and understanding software security
  • Multiple people in the chapter should share a common bond and understanding
  • Understanding historical changes and policies can help utilize operational processes
  • OWASP has around 300 projects on its list, constantly growing every day
  • Existing projects can be used as content for meetings and collaboration
  • Recruiting attendees is not difficult if the focus is on software security
  • Membership is important in shaping the direction of the organization and building a global community
  • Consistent meetings and virtual components are useful in building a community