Software components that were once good can sour instantly when new
vulnerabilities are discovered within them. When that happens, the bears are
coming, and you have to respond quickly.
Two men are walking through a forest. Suddenly, they see a bear off in the
distance, running toward them. Adrenaline pumping, they start running away.
But then one of them stops, takes some running shoes from his bag and starts
putting them on.
"Frank, what are you doing?" says the other man. "Do you think you will run
faster than the bear with those?"
"I don't need to run faster than the bear," Frank replies. "I just have to
run faster than you."
This scenario repeats itself every time a new security vulnerability is
discovered in a widely used open source component. Imagine the bear as your
adversary, rushing to attack when easy prey is present. Your response time is
21 DevOps and Docker Reference Architectures
When building DevOps or continuous delivery practices, you can learn a great
deal from others. What choices did they make, what practices did they put
in place, and how did they connect the dots?
At Sonatype, we pulled together a set of 21 reference architectures for
folks building continuous delivery and DevOps practices using Docker. Why?
After 3,000 DevOps professionals attended our webinar on "Continuous
Integration using Docker" discussing just one reference architecture example,
we recognized there was a strong interest in the c...
What do dependency resolution, situational awareness, and superheroes have in
common? Meet Chris Corriere, a DevOps/Software Engineer at Autotrader,
speaking on creative ways to maximize usage of all of the above. Mark Miller,
Community Advocate and senior storyteller at Sonatype, caught up with Chris to
learn more about what his team is up to.
Chris: I'm Chris Corriere, and I'm a DevOps engineer at AutoTrader.
Mark: Can you give us an overview on how you're using Nexus?
Chris: We use Nexus for dependency resolution. Part of that is to insulate
our enterprise infrastructure from ...
In September 2014, Apple made encryption default with the introduction of the
iPhone 6. Then, in February 2016, a Los Angeles judge issued an order to
Apple to help break into the encrypted iPhone belonging to a terrorist
involved in a mass shooting.
Apple had used some of the strongest encryption technologies and practices to
protect its users and their data. The encryption technology did not
discriminate between lawful and unlawful users. While there were many sides
to this issue, it surfaced many important debates on security, privacy, and
For develo...
Wow, if you ever wanted to learn about Rugged DevOps (some call it
DevSecOps), sit down for a spell with Shannon Lietz, Ian Allison and Scott
Kennedy from Intuit. We discussed a number of important topics including
internal war games, culture hacking, gamification of Rugged DevOps and
starting as a small team. There are 100 gold nuggets in this conversation for
novices and experts alike.
Derek: I have some of the Intuit DevSecOps team here with me today. We're
going to talk to them a little bit about Rugged DevOps and how things work
over at Intuit. Let's start with some introdu...