Derek Weeks – Machines Making Software: Paving and Maintaining the Road with Zero Trust Open Source

51m

With 40 million developers, 300,000 open source projects, 500 billion open source package downloads annually — what could go wrong? Or better yet, what could we get more right? In a two-year-long collaboration with Gene Kim and Dr. Stephen Magill, we objectively examined and empirically documented software release patterns and cybersecurity hygiene practices across 30,000 commercial development teams and open source projects. At the heart of our endeavor: what attributes can we use to identify the best open source project behaviors, what behaviors have been adopted by the best development teams relying on those projects, and is there a future where machines are applying such knowledge to building applications on our behalf? Our research uncovered a number of development and cybersecurity hygiene behaviors across open source software projects that we categorized as exemplars, laggards, features first, and cautious. The exemplars represented the very best OSS suppliers, with extraordinary track records for releasing updates, remediating vulnerabilities, staffing well, and demonstrating high adoption rates. We also uncovered exemplary development behaviors across teams that utilize open source software components, including: defining a process to update components, reducing the number of library versions in use, and automating practices that aid in updating dependencies. In this session, I will reveal the insights we uncovered. Attendees will learn which techniques, team structures and release patterns exemplary development teams have championed at large enterprises and open source projects alike. I’ll share observations of exemplary teams releasing new code 2.4X faster and remediating security vulnerabilities 2.9X faster. Finally, I’ll shed light on how we could apply these exemplary practices using AI and ML to pave the way toward machines making safer software faster.

Guest(s): Derek Weeks
Date: June 4, 2020

TechStrong Con 2020

Baruch Sadogursky + Leonid Igolnik - DevOps @Scale (Greek Tragedy in 3 Acts)

Chenxi Wang - Building Trust with Artificial Intelligence and Digital Transformation

Helen Beal - Community and Capitalism

James Wickett - A Way to Think about DevSecOps: MEASURE

Jeff Williams - How to Build Awesome Security Instrumentation to Automate AppSec Testing and Protection - Contrast Security

Mark Herring - So How Are Developers Feeling During the COVID Health Crisis?

Rosalind Radcliffe - Making your Dinosaur Dance to the Tune of your Digital Transformation

Kristina Pennella - Re-imagining Ways of Working Across the Organization for Improved Business Outcomes

Pavlo Baron - Applying Observability in the Enterprise at Scale

Sanjeev Sharma - Your (lack of) Data Strategy is Killing your Digital Transformation

Barak Schoster - Cloud Infrastructure Security in Run-Time vs. Build-Time

Paul Stack - Infrastructure as Software

Brian Amaro - Clearing the Path for Automated Operations: Finding the Value in AIOps

Darren Murph - Making Remote Work: What to do (and where to start)

Cat Swetel - Digital Transformation: From Transactions to Relationships

Julie Gunderson - You Can’t Buy DevOps

Ben Hindman - A "Comprehensive" Guide For Getting To Day 2

Tiffany Jachja - Your Guide to Continuous Delivery

William Hurley - Quantum Computing for Dummies

Liz Rice - Container Images: Small is Beautiful

Patrick ONeil - Cloud Automated Governance

Matt Rose - Putting the Sec in DevOps

Caleb Queern + John Willis - Automated Governance Fireside Chat

Aditya Muppavarapu + Kelly Looney - Building at Amazon
