Melissa McKay

Melissa is passionate about Java, DevOps and Continuous Delivery. She is currently a Developer Advocate for JFrog, serves on the Continuous Delivery Foundation TOC and is a Co-Chair of the Interoperability SIG. She loves sharing her knowledge with the community as a developer, speaker, and author. Melissa has been recognized as a Java Champion and Docker Captain, is an international speaker at numerous events including KubeCon and DockerCon, and is co-author of the O'Reilly title, DevOps Tools for Java Developers.

Sessions

11-04
14:00
30min
Don't Expect Developers to be Security Experts!
Melissa McKay

Developers are not security experts! I’ve heard this exclamation time and again and I wonder, why not? And should they be?

There is no denying that software teams must work to address a number of security concerns today. But we’re still learning and actively developing best practices. We’re still figuring out — sometimes through trial and error — the best way to tackle security issues that won’t negatively interfere with delivering functional (and secure) software.

When it comes to developers securing software, there is only a subset of prevention and mitigation strategies that make sense to put on a developer’s plate. Even then, an expectation that all developers by default are equipped to handle this additional workload is unreasonable.

Melissa will define common security-related terms and lingo; share typical places to shore up applications when it comes to dependencies, packaging, and supply chain concerns; and discuss the plethora of scanning tools available today and how they actually work. Learn how to integrate a measure of security that makes sense in existing development processes and how to introduce a security culture to your team in a healthy way without exhausting your developers.
Most importantly, don’t lose heart! We’re getting better and better at this and the future looks bright!

ROOM 2