What DevOps and Open Source Security have in common
Recently I had the pleasure of joining Courtney Nash on the new O’Reilly Security podcast. We had a really good conversation, covering key topics such as:
- Why developers should own security, and why they haven’t done so yet
- How can we bring the DevOps revolution into the world of security
- What are each of our roles in improving Open Source Security
- More tactically, handling vulnerabilities in open source components
Courtney is a great interviewer and an expert in her own right, and I feel the conversation had a lot of good content about how we can move application security forward. Definitely worth a listen, which you can do through iTunes or SoundCloud.
O’Reilly Security: The Defenders Conference
This podcast was a part of O’Reilly’s recent expansion into security. I’m thrilled to have O’Reilly take on security, as I believe their developer reach and approach can make a dramatic impact on helping security be a natural part of development. As the podcast also mentions, security - like most topics - is all about people. If we can bring the culture and awareness we have in DevOps into the world of Security, it can make a massive impact on how secure we’ll be.
The key part of O’Reilly’s security reach is its new conference, named (somewhat boringly) “O’Reilly Security”. Unlike many security conferences, this event is not focused on the latest research or some cool new hacking technique, but rather on the other side of the equation - the defenders. The conference spans many security fields, but in all of them the focus is on how we can defend well.
It touches culture, tooling, practices, case studies and more, and I would highly encourage you to join in, even if you don’t have “Security” in your job title. You can find the full details on the O’Reilly Security website - be sure to use the code SEC20 for a 20% discount!