DevConf, OpenShift and Black Duck

It’s that time again, a kickoff to the year’s activities. For me, the first event is DevConf, where I’ll be speaking on the joys of security in an ever-increasing Agile and DevOps world. As is my wont, I’ll be presenting concepts that both challenge existing paradigms and provide a way forward. It benefits no one to simply complain about something without at least providing potential solutions.

To that end, I have two key objectives with my DevConf presentation. The first is to highlight precisely how hard securing large-scale infrastructures is. The second is to show just how easy it can be if we collectively take a step back and look at the system we’re trying to secure and how attackers think. At the core of my thesis is a radical thought: if attackers are targeting our applications and associated data, what can we do to release more secure applications? After all, we don’t want a malicious actor getting past a perimeter defense and then having free rein over applications because we’re relying on firewalls to do the heavy lifting.

DevConf & OpenShift

So what does this have to do with OpenShift, you ask? Well, as it turns out, optimizing the security of applications created and deployed within an OpenShift Container Platform could mesh better with my solution. Imagine a world where all images deployed within an OpenShift world are automatically scanned for open source risk elements, and operators are proactively notified of any issues in their environment.

This world is closer than you think, and DevConf attendees of my session titled “Taming the DevOps Security Beast” will be the first to see what we’re working on. For the rest of you, please follow me on Twitter (@TimInTech) to learn more as we move towards a release. Now if you happen to be an existing Black Duck Hub customer and are using OpenShift, please let your account team know. We may seek some of your input. For the rest of you, you’re going to wait a bit. The old adage “Good things come to those who wait” is completely appropriate here ;)
