Dates
Conferences
Tags
Sort by:
Most recent
Conference: Global AppSec San Francisco 2022
Authors: Chris Koehnecke
2022-11-17
tldr - powered by Generative AI
The presentation discusses the OWASP DevSecOps Maturity Model and how to practically apply security controls using open source tools for each requirement.
- The OWASP DevSecOps Maturity Model provides a framework for companies to apply security in a cloud-native and fast-paced engineering world.
- Whatever isn't automated is much more difficult to practically apply to systems.
- Open source security tools have evolved and provide good coverage for many of the layers of the DSOMM model.
- The presentation walks through the different security requirements in the DSOMM framework and does live code demos for each.
- Prioritization of security issues can be done per each pull request.
- The speaker shares their experience with implementing security processes in a startup environment.
- Developers owning security is seen as the future of the security industry.
Conference: KubeCon + CloudNativeCon North America 2022
Authors: Kingdon Barrett, Somtochi Onyekwere
2022-10-27
tldr - powered by Generative AI
Improvements made to Flux CD's support for Git and other source control systems
- Improved support for Git packages, making it easier to contribute
- Refactored spaghetti code into a more organized structure
- Improved support for DevOps Azure DevOps and Git, and AWS CodeCommit
- Improved clone speeds and reduced CPU and memory usage
- PR out to enable GoGet for Azure DevOps and CodeCommit
- Formalized RFC process for feature requests
Conference: KubeCon + CloudNativeCon North America 2022
Authors: Erin Boyd, Matt Farina
2022-10-27
tldr - powered by Generative AI
The keynote presentation discusses the evolution of the TOC and its role in guiding technical decisions to improve the way the cloud native community is served.
- Continuous Improvement (CI) is not a new concept and is based on continuous improvement of working practices and personal efficiency.
- The TOC has continuously evolved to meet the scale of project adoption and provide value to the cloud native community.
- The TOC represents 10 companies, including 3 end users, and members work in small, medium, and large companies from 4 different countries and 2 continents.
- The TOC's mission is to take Cloud native Computing everywhere from the desktop to the data center to the edge.
- The TOC guides technical decisions through open governance and transparency, technical evolution, and interoperability.
- The TOC shepherds projects through the three stages of the CNCF: sandbox, incubation, and graduation.
- The TOC created technical advisory groups (TAGs) to manage the many projects and technical areas.
- TAGs cover a wide variety of areas, including security, storage, and disaster recovery.
- The TAGs collaborate with projects on security reviews, supply chain security, and storage architectures.
- The TOC is constantly looking for ways to improve processes and listens to feedback to ensure positive and sustainable growth for the future.