DC 2015 - Program


Ready for more DevOpsDays?

DevOpsDays DC will return June 8-9, 2016.

DevOps Security and Continuous Failure: Lessons From Heartbleed, Shellshock, and Countless Other Security Flaws

Mike Nescot, Web Operations and Security Manager, JBS International (@mnescot)

We pursue increasingly rapid delivery cycles while acheiving previously unimaginable degrees of scalability, reliability, and raw performance. But there is obviously a growing and serious mismatch between our develoment and operations performance in securing our applications compared to our performance in other areas. I work at a company extensively involved in Drupal and other open source projects that concentrate on both DevOps and security, but continue to be plagued by serious security vulnerabilities. Organizations and individuals negatively affected by Heartbleed and other security flaws probably would have readily traded some delay in accessing new features or temporary access problems for better security. So, how can we better focus DevOps culture and practices on the concept of Continous Security to deliver this? Perhaps we need to look at ongoing advances in automated security testing, more rigorous and frequent manual code review, and paired/team programming practices, and work better on more fully integrating these all into DevOps.


Audio-only version is available in the DevOpsDays Podcast or as a direct download.


Platinum & Venue Sponsor


Platinum Sponsors

Excella Consulting Sumo Logic Netuitive Ansible Chef CustomInk Delphix Red Hat Elastic VictorOps Fugue Sonatype FireEye

Gold Sponsors

InfoZen Comcast Circonus Opus Group, LLC BlackMesh PagerDuty govready

Silver Sponsors

Puppet Labs