DevConf, OpenShift and Black Duck


It’s that time again, a kickoff to the year’s activities. For me, the first event is DevConf, where I’ll be speaking on the joys of security in an ever-increasing Agile and DevOps world. As is my wont, I’ll be presenting concepts that both challenge existing paradigms and provide a way forward. It benefits no one to simply complain about something without at least providing potential solutions.

To that end, I have two key objectives with my DevConf presentation. The first is to highlight precisely how hard securing large-scale infrastructures is. My second objective is to show just how easy it can be if we collectively take a step back and look at the system we’re trying to secure and how attackers think. At the core of my thesis is a radical thought — if attackers are targeting our applications and associated data, what can we do to release more secure applications? After all, we don’t want a malicious actor getting past a perimeter defense and then having free rein over applications because we’re relying on firewalls to do the heavy lifting.

DevConf & OpenShift

So what does this have to do with OpenShift, you ask? Well, as it turns out, optimizing the security of applications created and deployed within an OpenShift Container Platform could mesh better with my solution. Imagine a world where all images deployed within an OpenShift world are automatically scanned for open source risk elements, and operators are proactively notified of any issues in their environment.

This world is closer than you think, and DevConf attendees of my session titled “Taming the DevOps Security Beast” will be the first to see what we’re working on. For the rest of you, please follow me on Twitter (@TimInTech) to learn more as we move towards a release. Now if you happen to be an existing Black Duck Hub customer and are using OpenShift, please let your account team know. We may seek some of your input. For the rest of you, you’re going to wait a bit. The old adage “Good things come to those who wait” is completely appropriate here ;)
