DevConf, OpenShift and Black Duck

It’s that time again, a kickoff to the year’s activities. For me, the first event is DevConf, where I’ll be speaking on the joys of security in an increasingly Agile and DevOps world. As is my wont, I’ll be presenting concepts that both challenge existing paradigms and provide a way forward. It benefits no one to simply complain about something without at least providing potential solutions.

To that end, I have two key objectives with my DevConf presentation. The first is to highlight precisely how hard securing large-scale infrastructures is. The second is to show just how easy it can be if we collectively take a step back and look at the system we’re trying to secure and how attackers think. At the core of my thesis is a radical thought: if attackers are targeting our applications and associated data, what can we do to release more secure applications? After all, we don’t want a malicious actor getting past a perimeter defense and then having free rein over applications because we’re relying on firewalls to do the heavy lifting.

DevConf & OpenShift

So what does this have to do with OpenShift, you ask? Well, as it turns out, optimizing the security of applications created and deployed within an OpenShift Container Platform could mesh better with my solution. Imagine a world where all images deployed within an OpenShift world are automatically scanned for open source risk elements, and operators are proactively notified of any issues in their environment.

This world is closer than you think, and DevConf attendees of my session titled “Taming the DevOps Security Beast” will be the first to see what we’re working on. For the rest of you, please follow me on Twitter (@TimInTech) to learn more as we move towards a release. Now if you happen to be an existing Black Duck Hub customer and are using OpenShift, please let your account team know. We may seek some of your input. For the rest of you, you’re going to wait a bit. The old adage “Good things come to those who wait” is completely appropriate here ;)
