November 24, 2019

155 words 1 min read

Insecure Containers? Continuous Defense Against Open Source Exploits [A]

Insecure Containers? Continuous Defense Against Open Source Exploits [A]

Open Source Software underpins the internet and many enterprises, but has repeatedly proven itself vulnerable to accident and tampering. High impact exploits lead us to question our unreserved trust i …
Talk Title Insecure Containers? Continuous Defense Against Open Source Exploits [A]
Speakers Andrew Martin (Director, ControlPlane)
Conference CloudNativeCon + KubeCon Europe
Conf Tag
Location Berlin Congress Center
Date Mar 28-30, 2017
URL Talk Page
Slides Talk Slides
Video

Open Source Software underpins the internet and many enterprises, but has repeatedly proven itself vulnerable to accident and tampering. High impact exploits lead us to question our unreserved trust in Open Source, and the wisdom of its proliferation is being questioned. As we fight to continuously secure millions of servers against these waves of attacks, have we found a crucial panacea in containers? This talk examines the anatomy of major vulnerabilities, demonstrates their applicability to containerised applications, and explores container native security tooling throughout the pipeline.

container security exploit vulnerable open source attack pipeline internet
comments powered by Disqus
Groovy, There's a Docker in My Application Pipeline [B]

Groovy, There's a Docker in My Application Pipeline [B]

November 23, 2019

In the era of Infrastructure as Code we strive to automate everything, this talk will discuss our experiences in automating the deployment of building of continuous delivery pipelines and solving test …
My unexpected contribution experience at Capital One

My unexpected contribution experience at Capital One

November 22, 2019

When Capital One was looking for a tool to help manage its software development pipeline, Jonathan Bodner suggested LGTM, an open source pull request approval system, as a starting point. After fixing bugs and adding new features to LGTM, Jonathan contacted Capital One's open source office so he could return his changes to the community. And that's where things got interesting.
Set developers free: Break the compliance jail for open source with DevOps

Set developers free: Break the compliance jail for open source with DevOps

November 21, 2019

Bianca Jiang explores the paradox of open source compliance and continuous delivery with open source, sharing her experience, lessons learned, and the best of DevOps principles. Along the way, Bianca outlines a microservices-based architecture and offers a fresh perspective on compliance requirements.
Shifting to Kubernetes on OpenShift

Shifting to Kubernetes on OpenShift

November 21, 2019

Seth Jennings demonstrates how to start an OpenShift cluster in a single command and "port" a simple three-tier application to OpenShift, covering many of the platform features along the way, including automatic container image creation from source code, service discovery, application configuration, lifecycle management, and more.
Software supply chains and the illusion of control

Software supply chains and the illusion of control

November 20, 2019

Derek Weeks shares the results of a three-year study of open source development practices across 3,000 organizations, exploring the vast software supply chains these organizations employ that are simultaneously improving development productivity and undermining quality and security practices. Derek then outlines DevOps practices that support building in quality and security from the beginning.
Why choose open infrastructure? (sponsored by IBM)

Why choose open infrastructure? (sponsored by IBM)

November 19, 2019

Open source isnt winning; its won. In the last decade, there's been an incredible explosion in open source software. Massive projects have been developed in the open, on open operating systems, using open languages and compilers. But, Christopher Aedo asks, was all the infrastructure open as well?