logo
Dates

Author


Conferences

Tags

Sort by:  

Authors: Jared Watts, Muvaffak Onuş
2023-04-19

In this session, the Crossplane maintainer team be focusing on a few exciting hands-on activities together - we will walk through a contributor enablement session to help you get a development environment set up and ready to contribute to the project, and we will also walk through using some of the latest features in Crossplane to expedite your adoption of them, as well as discuss your important feedback to help continue maturing them.This Contribfest session is designed to provide projects with the space and resources to tackle outstanding technical debt, security issues, or outstanding impactful feature requests. They are intended to provide a place for maintainers to meet contributors and potential contributors and work together on solving a problem.
Authors: Or Sahar, Yariv Tal
2022-11-17

After many years of developing, mentoring developers, and security research we reach the conclusion that there is a profound failure in the way we teach secure code. Developers arrive at organizations after years of studying and then once in a while participate in secure code courses, sometimes only because of the regulation. In that way, developers arrive at the secure code course after they got used to bad habits, security-wise. It's difficult to change the way they code at that point. We want to change the situation and implement security awareness before their first line of code. We want that every StackOverflow author would write secure code in her/his tutorial. Let's talk about secure code from scratch!
Authors: Annie Talvasto
2022-05-20

tldr - powered by Generative AI

Lessons from Anime for Kubernetes and DevOps
  • Connecting to other services and identifying other teams in the vicinity is important in the Kubernetes world
  • Volumes are necessary for storing information and gear
  • Namespaces help with privacy and peace in the team
  • Self-development is important for leveling up skills
  • Taking breaks and monitoring surroundings is crucial
  • Documentation is important for historical context and team communication
Authors: Connor Gorman
2022-05-20

tldr - powered by Generative AI

Developers play a crucial role in scaling Kubernetes security by integrating security into development workflows and becoming security stakeholders.
  • The success of Kubernetes and its ecosystem has enabled developers to ship more code, build more deployments, and ship faster than ever before, but this also poses security challenges.
  • The number of developers is much larger than the number of security engineers, making it difficult for small security teams to support the ever-growing number of deployments.
  • Developers and security teams need to collaborate to mitigate security issues and prepare for the next vulnerability.
  • Integrating security deeply into development workflows empowers developers to be security stakeholders and scales the remediation of security issues.
  • Developers should be involved as early as possible in security and helped to solve their own issues.
  • Creating gates should focus on the why and make developers more proactive.
  • Mitigating security issues is like a race, and it takes a concerted effort by both developers and security operations to make it happen.
  • Building up muscle memory by practicing day-to-day workflows and processes is crucial to achieving smooth code shipping and treating every security-related commit equally.
Authors: Savitha Raghunathan, Kunal Kushwaha, Saiyam Pathak, Divya Mohan
2022-05-20

tldr - powered by Generative AI

The presentation discusses the importance of contributing to open source projects, particularly in the cloud native ecosystem, and provides tips for beginners on how to get started.
  • Learning in public and documenting one's journey is common practice, especially during the pandemic
  • Non-code contributions, such as writing blogs and documentation, are valuable
  • Initiatives like the CNCF student track help newcomers navigate the ecosystem
  • Submitting a PR to contribute to an open source project requires outlining the problem the project solves and providing good documentation
  • Learning by doing and contributing while learning is recommended
  • It's important to pace oneself and avoid burnout
  • Maintainers may be busy and response times may vary
Conference:  Transform X 2021
Authors: Soumith Chintala
2021-10-07

tldr - powered by Generative AI

The presentation discusses the journey of PyTorch, an open-source machine learning framework, and how the team focused on a specific market to excel and scaled their efforts while taking deliberate risks and measuring their progress.
  • PyTorch focused on the ML researcher market and aimed to provide flexibility and debuggability in their framework
  • The team took deliberate risks and made a bet on the future of the ML researcher market
  • Measurement and metrics were important for PyTorch to track their progress and iterate on their product
  • Scaling efforts required prioritizing and figuring out whether to vertically integrate or modularize the project
Authors: Veronica Schmitt
2021-09-24

tldr - powered by Generative AI

The speaker discusses the importance of implementing five simple philosophies for application logging to improve cybersecurity and DevOps practices.
  • The five philosophies were inspired by Gene Kim's book and include keeping logs simple, tagged, clean, focused, and customer-oriented.
  • Logs should be easy to read and maintain, with just enough detail to debug without compromising sensitive information.
  • Tagging sensitive data and creating metadata can help prevent accidental disclosure and aid in digital forensics and incident response.
  • Continuous improvement and psychological safety are crucial for teams to admit mistakes and learn from them.
  • Customer focus should be prioritized in building custom-oriented, secure applications.
Authors: Kevin Wall
2021-09-24

Abstract:This talk will explore the lessons that I have learned in more than 20 years of  developing, using, and reviewing FOSS-based security libraries. It will cover the well known XYZ library from both an open source development process and technical architectural perspective.
Authors: Sam Stepanyan, Tom Brennan
2021-09-24

tldr - powered by Generative AI

The presentation discusses the importance of OWASP chapters in advancing tactical knowledge and understanding software security. It emphasizes the value of membership and consistent meetings in recruiting attendees and building a community.
  • OWASP chapters are important in advancing tactical knowledge and understanding software security
  • Multiple people in the chapter should share a common bond and understanding
  • Understanding historical changes and policies can help utilize operational processes
  • OWASP has around 300 projects on its list, constantly growing every day
  • Existing projects can be used as content for meetings and collaboration
  • Recruiting attendees is not difficult if the focus is on software security
  • Membership is important in shaping the direction of the organization and building a global community
  • Consistent meetings and virtual components are useful in building a community