What DevOps and Open Source Security have in common

Guy Podjarny

Recently I had the pleasure of joining Courtney Nash on the new O’Reilly Security podcast. We had a really good conversation, covering key topics such as:

  • Why developers should own security, and why they haven’t done so yet
  • How we can bring the DevOps revolution into the world of security
  • What each of our roles is in improving Open Source Security
  • More tactically, handling vulnerabilities in open source components

Courtney is a great interviewer and an expert in her own right, and I feel the conversation had a lot of good content about how we can move application security forward. Definitely worth a listen, which you can do through iTunes or SoundCloud.

O’Reilly Security: The Defenders Conference

This podcast was a part of O’Reilly’s recent expansion into security. I’m thrilled to have O’Reilly take on security, as I believe their developer reach and approach can make a dramatic impact on helping security be a natural part of development. As the podcast also mentions, security - like most topics - is all about people. If we can bring the culture and awareness we have in DevOps into the world of Security, it can make a massive impact on how secure we’ll be.

The key part of O’Reilly’s security reach is its new conference, named (somewhat boringly) “O’Reilly Security”. Unlike many security conferences, this event is not focused on the latest research or some cool new hacking technique, but rather on the other side of the equation - the defenders. The conference spans many security fields, but in all of them the focus is on how we can defend well.

It touches culture, tooling, practices, case studies and more, and I would highly encourage you to join in, even if you don’t have “Security” in your job title. You can find the full details on the O’Reilly Security website - be sure to use the code SEC20 for a 20% discount!
