11-04, 14:00–14:30 (US/Central), ROOM 2
Developers are not security experts! I’ve heard this exclamation time and again and I wonder, why not? And should they be?
There is no denying that software teams must work to address a number of security concerns today. But we’re still learning and actively developing best practices. We’re still figuring out — sometimes through trial and error — the best way to tackle security issues that won’t negatively interfere with delivering functional (and secure) software.
When it comes to developers securing software, there is only a subset of prevention and mitigation strategies that make sense to put on a developer’s plate. Even then, an expectation that all developers by default are equipped to handle this additional workload is unreasonable.
Melissa will define common security related terms and lingo; share typical places to shore up applications when it comes to dependencies, packaging, and supply chain concerns; and discuss the plethora of scanning tools available today and how they actually work. Learn how to integrate a measure of security that makes sense in existing development processes and how to introduce a security culture to your team in a healthy way without exhausting your developers.
Most importantly, don’t lose heart! We’re getting better and better at this and the future looks bright!
Melissa is passionate about Java, DevOps and Continuous Delivery. She is currently a Developer Advocate for JFrog, serves on the Continuous Delivery Foundation TOC and is a Co-Chair of the Interoperability SIG. She loves sharing her knowledge with the community as a developer, speaker, and author. Melissa has been recognized as a Java Champion and Docker Captain, is an international speaker at numerous events including KubeCon and DockerCon, and is co-author of the O'Reilly title, DevOps Tools for Java Developers.