Authors: Christoph Blecker, Joanna Lee, Arun Gupta, Alena Prokharchyk, Andres Vega, Emily Fox, Matt Farina
2023-04-20
tldr - powered by Generative AI
The presentation discusses the development of a new code of conduct body for the cloud native community, with a focus on community health and increasing understanding between members. The goal is to create a healthy community where everyone feels safe participating.
The new code of conduct body is being developed to define common expectations and procedures for the cloud native community.
The goal is to create a healthy community where everyone feels safe participating.
Increasing understanding between community members is essential to achieving this goal.
The code of conduct committee aims to provide transparency and fairness in the process, with clear conflict of interest procedures and multiple paths for reporting.
The committee also aims to promote restorative and transformative justice, in addition to traditional incident resolution procedures.
The presentation discusses the importance of secure development environments in the face of supply chain security incidents and vulnerabilities in open source code and containers.
Open source code makes up a significant portion of an organization's codebase, and new packages are constantly being developed, leading to vulnerabilities and breaches.
Containerization is important for keeping code and infrastructure clean, but vulnerabilities can still surface in containers.
Developers' integrated development environments, such as Visual Studio Code, are also vulnerable to attacks.
Secure development environments are crucial for protecting end users and require a shift-left approach to security.
The presentation includes a demonstration of a vulnerability in the Instant Markdown plugin for Visual Studio Code.
The number of security incidents and data breaches is increasing. It feels like not a week goes by without hearing of another breach or compromise. Are we getting worse at doing security? In this talk I'll provide my opinion on this, from an application security perspective, by taking a look at how software development has changed over the years. As we move towards Cloud Native workloads, staying secure is harder, and it's not always your developers' fault.