Sort by:  

Authors: Izar Tarandach

tldr - powered by Generative AI

The importance of documenting and using threat models in cybersecurity and DevOps
  • Threat models should be stored and available in places that people know where to find them and how to relate and change them
  • Threat models can be used to define security contracts and find commonalities for platforming
  • Templates are useful for making threat models consistent and easy to compare
  • Everyday tools can be used for automating boring parts of the system and dealing with low hanging fruit
  • Threat models are living documents that should be updated and stored for future use
Authors: Chaka Booker

Please join this special lunch and program, sponsored by Trend Micro.Global integration. New business models. Technology. Shifting demographics. Increasingly informed customers. According to research by IBM, these have been drivers of rapid change in our world—and this was prior to the pandemic which ramped ambiguity to levels never seen before. When faced with uncertainty, organizations and people become risk averse, reactionary, less open to additional change, and therefore less inclusive. Ironically, strong decision-making benefits from the opposite—more diversity and more inclusion. In this workshop, participants will explore this tension and learn specific practices to drive the inclusion needed for success in unpredictable times.RSVP not required, however seating is limited.A box lunch will be served
Authors: Richard Hartmann

tldr - powered by Generative AI

The presentation discusses the launch of a certification program called Conformance, Compliance, and Compatibility for Prometheus, which aims to incentivize companies to contribute more to the project and ensure compatibility among different components.
  • The Conformance, Compliance, and Compatibility certification program for Prometheus aims to ensure compatibility among different components and incentivize companies to contribute more to the project.
  • The program requires companies or projects to sign paperwork with CNCF binding themselves to follow the guidelines of the certification program.
  • Companies or projects can self-test and submit results to get a time-limited permission to use the certification mark.
  • The program aims to unlock more contributions to Prometheus and give tech people an official reference to self-test and figure out if things are good.
  • The initial cadence is aggressive, and the program needs at least three companies and all projects to sign up initially.
  • The program is not a hard requirement, but CNCF would like to have more companies and projects to sign up.
  • The program incentivizes companies with money and gives them an official reference to self-test and figure out if things are good.