What DevOps and Open Source Security have in common

Recently I had the pleasure of joining Courtney Nash on the new O’Reilly Security podcast. We had a really good conversation, covering key topics such as:

• Why developers should own security, and why they haven’t done so yet

• How can we bring the DevOps revolution into the world of security

• What are each of our roles in improving Open Source Security

• More tactically, handling vulnerabilities in open source components

Courtney is a great interviewer and an expert in her own right, and I feel the conversation had a lot of good content about how we can move application security forward. Definitely worth a listen, which you can do through iTunes or SoundCloud, embedded below:

Listen to O'Reilly Radar – Guy Podjarny on Making Open Source More Secure

O’Reilly Security: The Defenders Conference

This podcast was a part of O’Reilly’s recent expansion into security. I’m thrilled to have O’Reilly take on security, as I believe their developer reach and approach can make a dramatic impact on helping security be a natural part of development. As the podcast also mentions, security - like most topics - is all about people. If we can bring the culture and awareness we have in DevOps into the world of Security, it can make a massive impact on how secure we’ll be.

The key part of O’Reilly’s security reach is its new conference, named (somewhat boringly) “O’Reilly Security”. Unlike many security conferences, this event is not focused on the latest research or some cool new hacking technique, but rather on the other side of the equation - the defenders. The conference spans many security fields, but in all of them the focus is on how we can defend well.

It touches culture, tooling, practices, case studies and more, and I would highly encourage you to join in, even if you don’t have “Security” in your job title. You can find the full details on the O’Reilly Security website - be sure to use the code SEC20 for a 20% discount!