DevConf, OpenShift and Black Duck

It’s that time again, a kickoff to the year’s activities. For me, the first event is DevConf, where I’ll be speaking on the joys of security in an ever-increasing Agile and DevOps world. As is my wont, I’ll be presenting concepts that both challenge existing paradigms and provide a way forward. It benefits no one to simply complain about something without at least providing potential solutions.

To that end, I have two key objectives with my DevConf presentation: first, to highlight precisely how hard securing large-scale infrastructures is. My second objective is to show just how easy it can be if we collectively take a step back and look at the system we’re trying to secure and how attackers think. At the core of my thesis is a radical thought — if attackers are targeting our applications and associated data, what can we do to release more secure applications? After all, we don’t want a malicious actor getting past a perimeter defense and then having free rein over applications because we’re relying on firewalls to do the heavy lifting.

DevConf & OpenShift

So what does this have to do with OpenShift, you ask? Well, as it turns out, optimizing the security of applications created and deployed within an OpenShift Container Platform could mesh better with my solution. Imagine a world where all images deployed within an OpenShift world are automatically scanned for open source risk elements, and operators are proactively notified of any issues in their environment.

This world is closer than you think, and DevConf attendees of my session titled “Taming the DevOps Security Beast” will be the first to see what we’re working on. For the rest of you, please follow me on Twitter (@TimInTech) to learn more as we move towards a release. Now if you happen to be an existing Black Duck Hub customer and are using OpenShift, please let your account team know. We may seek some of your input. For the rest of you, you’re going to wait a bit. The old adage “Good things come to those who wait” is completely appropriate here ;)
