Name: DevSecOps – Ensuring built-in-Security in an evolved DevOps landscape
Start: 2020-10-06T12:00:00Z
End: 2020-10-06T12:01:06.000Z
Location: BrightTALK
Rating: 4.7

The webcasts in this channel will highlight trends and best practices for the application development lifecycle as well as how to make sure your application maintain a steady level of service.

Let’s say you hear a claim that test tooling is coming that will recognize a failure, file a report, fix the production code, re-run and note the defect is fixed. Is this credible or not? How would you know?

It seems like every day we are bombarded with claims like this. Yet no one talks about discernment. Here we are, discussing testing, a professional activity whose role includes figuring out what is really going on, whose philosophers talk about epistemology, the science of knowing, and no one is talking about how to figure out what is actually going on in AI as an accelerator of testing.

It’s time we start.

Starting with an explanation of how large language models (LLMs) actually work, speaker and author Matt Heusser will build a conceptualization to help you understand what they are actually doing, and why they seem to work yet fail so spectacularly so often. After that he’ll discuss some actual practical applications, including a few real examples from the field. The goal here isn’t to give you an answer -- it is to give you a feel for how to find out the answer

Finally, we’ll put AI in context, compared to other “veritable tsunami waves” that were going to eliminate what came before.

Some ideas in AI are hip; some are hype. 

Let’s start talking about how to know the difference. 

… maybe with a couple of hip examples if we can.

About the speaker:
Matthew Heusser is the managing director at Excelon Development, and the co-author of “Software Testing Strategies: A Guide for the 2020’s.” He is also the 2014 recipient of the Most Influential Agile Test Professional Person (MAITPP) award in Potsdam Germany, a 2015 recipient of the Most Popular Online Contributor to Agile at the Agile Awards (Marble Arch, United Kingdom). Over the course his adult career in software, he has served two terms on the Association for Software Testing and delivered keynote speeches on the topic on three continents. Learn about Matt at www.xndev.com.

Discernment in AI: Hip vs. Hype

If generative AI models train on open source code, do they violate open source licenses? That's a question that AI developers, open source advocates and lawyers continue to hash out. The answers they find are poised to have profound consequences both for open source communities, forcing them to rethink software licensing strategies; and for developers who create software with help from generative AI-based tools (such as Copilot), which may or may not turn out to create licensing liabilities.

Although it remains unclear at present how the licensing debates surrounding open source and genAI will ultimately play out, it's not too early to predict what may plausibly happen. Tune into this session presented by professor and lecturer Christopher Tozzi  as he assesses the history and current state of legal claims involving GenAI and open source software and offers guidance on how developers who leverage genAI coding tools can best protect themselves against potential licensing issues.

About the speaker
Christopher Tozzi, a professor and freelance writer, has been writing and teaching about technology for more than a decade, with particular focus on topics including open source, software development and AI/ML. He is the author of For Fun and Profit: A History of the Free and Open Source Software Revolution (MIT Press, 2017), as well as an adjunct research advisor for IDC and a frequent contributor to media sites such as TechTarget, InformationWeek and Data Center Knowledge.

Assessing the State of Open Source Software Licensing and Generative AI

We would like to think that AI-based machine learning systems will always produce the right answer within their problem domain. However, in reality, their performance is a direct result of the data used to train them. The answers in production are only as good as that training data.

But data collected by human means, such as surveys, observations, or estimates can have built-in human biases, such as the confirmation bias or the representative bias. Even seemingly objective measurements can measure the wrong things or miss essential information about the problem domain.

The effects of biased data can be even more insidious. AI systems often function as black boxes, which means technologists are unaware of how an AI came to its conclusion. This can make it particularly hard to identify any inequality, bias, or discrimination feeding into a particular decision.

Tune into this talk to learn how AI systems can suffer from the same biases as human experts, and how that could lead to biased results. Viewers will learn how testers, data scientists, and other stakeholders can develop test cases to recognize biases, both in data and the resulting system, and how to address those biases.

About the speaker
Gerie Owen is a Lead Quality Engineer at ZS. She is a Certified Scrum Master, Conference Presenter and Author on technology and testing topics. She enjoys analyzing and improving test processes and mentoring new Quality Engineers as well as bringing a cohesive team approach to testing. Gerie is the author of many articles on technology including Agile and DevOps topics. She chooses her presentation topics based on her experiences in technology, what she has learned from them and what she would do to improve them. Gerie can be reached at gerie@gerieowen.com.  Her blog, Testing in the Trenches, is https://testinggirl.wordpress.com/ and she is available at www.gerieowen.com  and on Twitter and LinkedIn.

Testing for Cognitive Bias in AI Systems

As businesses increasingly embrace digital transformation, the role of software methodologies becomes paramount in steering organizations toward success.

In a thought-provoking presentation, Anastasiia Syrota, Project Manager at Intellectsoft, will delve into the dynamic realm of software methodologies, offering valuable insights into the top strategies being used by Intellectsoft that other companies can learn from, potentially influencing the way they approach software development in the coming year. 

Anastasiia will provide: 
- A comprehensive overview of the current software landscape, illuminating the key methodologies that promise to redefine how enterprises operate, innovate, and thrive.
- Actionable advice on tailoring methodologies to specific organizational needs.
- Attendees will leave better equipped to navigate the digital landscape and propel their enterprises to success in this year.

 Don't miss the chance to gain a strategic advantage. Having been in software development since 2007, Intellecsoft completed 500+ successful projects, including the world’s top companies, such as Universal, E&Y, Nestle, and many more

Top 12 Software Development Methodologies to Use in 2024

Companies today often find themselves in positions where writing software tests are time-consuming and unproductive. leaving developers lacking clear guidance for how to test important features. Once your company reaches a certain size, it's important to develop a scalable test strategy to ensure engineers can continue writing good tests in a productive manner. 

In this talk, tech lead, author and professor Dr. Mauricio Aniche will explore different factors at play when designing a test strategy as well as the different trade-offs you will have to make to implement the right approach for your company. 

About the speaker
Dr. Maurício Aniche’s life mission is to help software engineers to become better and more productive. Maurício is a Tech Lead at Adyen, where he heads the Tech Academy team and leads different engineering enablement initiatives. Maurício is also an assistant professor of software engineering at Delft University of Technology in the Netherlands. His teaching efforts in software testing gave him the Computer Science Teacher of the Year 2021 award and the TU Delft Education Fellowship, a prestigious fellowship given to innovative lecturers. He is the author of the “Effective Software Testing: A Developer’s Guide”, published by Manning in 2022. He’s currently working on a new book entitled “Simple Object-Oriented Design” which should be on the market soon.

Designing a Scalable Testing Strategy

DevOps is great, if you have the people, processes and tools to support it. In this session I’ll highlight the easiest ways for Java developers to work with their IT organizations and partners to deliver their code to the cloud, including the best ways to reliably make updates and maintain production cloud code. The focus is on real-world examples using Linux command line tools, open source tools including Jenkins, and other free SDKs and tools available on GitHub. The examples, tools and demos that I show are applicable to any cloud platform, and all are available on GitHub. I will show Microsoft Azure running the samples but will not be selling azure - this is a technical talk that will focus on the code.

DevOps for Java Shops

For competitive survival,  continuous improvement in product development capability is very important. DevSecOps and Agile development  are two very important framework for going in that direction though rolling out them may be fraught with challenges. There can be several reasons for that. This webinar will focus upon some of the best practices and lessons learnt from speaker’s past experience in multiple organizations and multiple products. This may benefit in making these transformations successful in your own organizations.

DevSecOps and Agile Transformation – Best Practices and Lessons Learnt

As COVID-19 shutdowns sent everyone working from home and close offices for a while, we took the opportunity to eliminate our physical infrastructure, network, domain, and servers and go completely virtual and cloud-based. In this session, we will cover:
What it takes to go virtual
What challenges we had to overcome
What benefits we achieved
What do we now that offices around the world are opening up
We will pay special attention in the session to the security aspects of this transition, both from an internal security administration standpoint and an external cybersecurity defense standpoint.
 
Attendees in this session should be interested in what it looks like to be 100% cloud-based and virtual, and what it takes to get there.

Thanks, COVID-19! Leaving Hybrid Behind To Go All Virtual

The cloud carries unique threats. The cloud Security Alliance  (CSA) is rapidly becoming the OWASP of cloud security standards. DevOps, containers, micro services, APIs, and orchestration are table stakes for effective cloud-native applications. Securing these software interfaces, configurations, and processes is NOT a trivial task. Furthermore, automation isn’t a panacea; in fact, it can mask critical security flaws that propagate. 
This session will describe the Top Threats to Cloud Computing (aka “the Egregious Eleven”), how to identify and mitigate these threats, and how they fit into a cloud-native security program.

The Egregious 11 — Defending Against the CSA Top Threats

When done right, cloud enables agility and speed, breakthrough innovation, economical business scalability, and security.  Cloud providers are rapidly expanding offerings and organizations are embracing these modern approaches.  Why are some organizations reaching new heights with the cloud while others face stormy weather?  In this presentation, you will learn approaches and tips to accelerate and secure a cloud-first strategy and cloud-native solutions.

Soar to New Heights in the Cloud: Tips to Accelerate and Secure

A rapid response time is critical to today’s digital business, pushing many organizations to adopt cloud-native, cloud-first approaches. Businesses must keep evolving to succeed in today’s fast-moving environment. Customers demand instant responses and businesses that can deliver are the ones gaining growth. Leveraging DevOps and instituting cloud platforms and modernized serverless strategies promote agility as well as provide a future approach for building cloud-native applications. This keynote session will share unique insights from current research on how business are adjusting to today’s customer demands and highlight the growth of agile methodologies to enable rapid application delivery. It will also explore how cloud-native technologies can provide an elastic, portable applications environment and how organizational maturity impacts heritage and cloud-native deployments.

The Future of Cloud-Native Applications

The changing needs of the business and evolution of DevOps are driving organizations to reexamine how they test.  Accelerating cycles, increasing need for flexibility, and the influx of DevOps and lean ideas require new thinking like Continuous Testing.  This shift has significant meaning for QA organizations and application testing.  
We will explore how automation, shifting left, ephemeral environments, and other DevOps/lean concepts are driving change into the IT value stream.  We will explore the idea of Continuous Testing and how it can help change your testing strategy to keep pace with tomorrow’s needs.

Continuous Testing: Bringing Continuous Flow to Application Testing

The role of the IT department has changed in recent years and is more aligned with the business than ever. In 2021, as DevOps becomes mainstream, what does this mean for the role of DevOps, automation and Agile in delivering business outcomes?

Join this panel as DevOps experts explore what opportunities - and challenges - DevOps and Agile can create for the business. Points of discussion will include:

- Are businesses investing enough in DevOps and IT teams to enable them to remain competitive in a landscape of accelerated Digital Transformation?
- How can businesses ensure that they reap the rewards of investments they do make?
- Improving cloud-native applications and how to unlock its full potential
- How to we take DevOps to the next level beyond just automation?

Improving DevOps Infrastructure in 2022

Cloud identity and access management resources such as AWS IAM are powerful infrastructure tools that are more akin to cloud-based networks. But the complex layers of cloud IAM configurations creates security challenges, and IAM misconfigurations are common in enterprise cloud environments. These vulnerabilities are now a primary attack vector for hackers and are often missed by compliance checks. 

In this session, Fugue co-founder Josh Stella will simplify how to think critically about IAM security in your cloud infrastructure environment. You’ll understand how to identify dangerous and overly-permissive IAM misconfigurations—and how hackers leverage these vulnerabilities to access your environment, discover resources, move laterally, and extract data without detection. 

Attendees will walk away with a clear understanding of:

How cloud IAM resources work and how to simplify your approach to IAM security 
How to spot dangerous IAM misconfiguration vulnerabilities in your cloud environment
Where compliance often misses with IAM security and how hackers exploit it

Locking Down the Security Of IAM

DevOps is quickly becoming a key to IT and business success.   The rapid pace of business change requires more nimble, flexible, and lean approaches like DevOps to meet tomorrow demands.  DevOps has evolved through multiple generations and is pushing towards Continuous Flow requiring technical, process, and people evolution to keep pace.  We will explore how DevOps has evolved and the impact to technologies, processes, and beyond.  We will explore ways to chart your path forward in this brave, new world.

NextGen DevOps: The Evolving DevOps Journey

The State of Software Delivery Management: Exploring The Future of SDM

Make your business fly

5 Ways to Boost DevOps ROI with Value Streams

The DevSecOps Journey: How to Transform AppSec and Move Toward Secure DevOps

The Future of Testing: Smarter and Adaptable

[Panel] What Does DevOps Mean to the Business in 2020?

DevOps for Apps to accelerate Industry 4.0 and AI@Edge

Building Highly Scalable Apps with Okta

No Time to Test

Don’t miss the train! Test automation is finally growing up.

The Goldilocks Problem of Software Delivery

Fastest Way to go from Prototype to Production with Machine Learning

Why Test Automation Fails… and how you will succeed!

Don't Trust, Test: Automate Security Testing In Your Development Cycle

Effective Risk Management through DevSecOps Testing

The Journey to 360 Test Automation: “One AI Platform to Unite Them All”

Rethinking Test Automation

Redefining App Dev Strategies 2020

DevSecOps extends DevOps, in that everyone in the software development life cycle is responsible
for security bringing operations and development together with security functions. DevSecOps
embeds security in every part of the development and operations processes. It is about automating
core security tasks by embedding security controls and processes early in the DevOps workflow
(rather than being bolted on at the end). For example, this could be the case when migrating to
microservices, building out a CI/CD pipeline, compliance automation or simply testing cloud
infrastructure. It is about getting security back into the lifecycle, or as it has been described: ‘shifting security left’.

Integrating security into DevOps to deliver DevSecOps requires new mindsets, processes, and tools.
Starting with continual Risk Assessment, Security and Risk Management leaders need to adhere to
the collaborative, agile nature of DevOps to be seamless and transparent in the development
process, making security as silent, encompassing, and seamless as possible.

How to get a business to approach built-in security, from the beginning and continually:
1. By establishing a security and data privacy strategy – a Security Program spanning people, process, products with Risk Assessment and Policies.
2. Integrating Data Protection, Secure Coding and Testing practices within the engineering
lifecycle.
3. Leveraging automation to integrate security into the DevOps & CI/CD pipeline – from code scanners through to continuous security configuration management and remediation – in Dev, Testing, Staging, Production environments.
4. Finally, staying abreast of practices, regulations, auditing and remaining certified, in true intent and spirit.

DevSecOps – Ensuring built-in-Security in an evolved DevOps landscape

DevOps

DevSecOps

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

DevSecOps – Ensuring built-in-Security in an evolved DevOps landscape

Presented by

About this talk

More from this channel