SlideShare ist ein Scribd-Unternehmen logo

Agile automotive software

Als PPTX, PDF herunterladen
Rogue Wave Software
Rogue Wave Software

With many automotive organizations transforming development efforts towards agile methodologies, the need to redefine and establish security, safety, and quality standards and testing methods is more important than ever. How do we fit safety and security planning and tools into the adaptive development and rapid delivery practices of agile teams? In this second one-hour webinar you'll learn how to: - Integrate security and compliance testing with agile development - Provide context for fast triage and remediation - Create policies for code management in integrated testing environments

Software
1 von 22
Navigating Agile automotive software development June 24, 2015
Presenters Jeff Hildreth, Automotive Account Manager Rogue Wave Software Ahmed Abdelrahman, Release Engineer Rogue Wave Software John Chapman, Solutions Architect Rogue Wave Software 2© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED
Agenda • A holistic approach to cybersecurity • Blending DevOps and Agile for security • How to implement a Jenkins CI system • Examples of security defects • Q&A 3© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED
A holistic approach to cybersecurity
A holistic approach to cybersecurity © 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 5 Information overload Develop an adaptive threat model Threat Model External Data Internal Threat Metric Action
© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 6 Threat model Most breaches result from input trust issues Threat modeling identifies, quantifies, and addresses security risks by: 1. Understanding the application & environment 2. Identifying & prioritizing threats 3. Determining mitigation actions Identify assets System overview Decompose application Identify threats Prioritize threats
© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 7 Security overload News Blogs, social media conferences Security standards OWASP, CWE, CERT, etc. Senator Markey report NVD, White Hat, Black Hat OEMs, internal Media More and more software running inside your car Standards and legislation Research Requirements Developers don’t know security (80% failed security knowledge survey)
Developing a threat metric © 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 8 Build score • Automated and functional testing can give you a pass fail metric on every run of the test suite • A metric can be generated from penetration testing based on the number of exploitable paths in your code base • Software quality tools can give you a count of critical static analysis and compiler warnings • A metric can be developed based on the presence of snippets of open source code previously undetected or open source with new known vulnerabilities • All of these metrics can be generated on every build of your software
DevOps & Agile for security
Agile development: Integrated security © 2015 Rogue Wave Software, Inc. All Rights Reserved. 10 Adaptive Accept Sprint 1 Sprint 2 Sprint n Release Change Adjust and Track Feedback Review Next Iteration No! Yes! Release to Market Integrate and Test Integrate and Test Integrate and Test Multiple testing points Rapid feedback required “Outside” testing does not meet Agile needs
DevOps SDLC 11 Continuous Integration SDLC Step UAT/ exploratory testing Functional testing Performance load security Release Deploy Metric Understand Needs Invent Solution Develop Build Commit Idea © 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED
Jenkins CI
Jenkins CI © 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 13
Security example
Load, Performance, Security…Testing phase © 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 15 Load, Performance, Security, … Testing
Develop, commit & build © 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 16
Develop, commit & build © 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 17
DevOps SDLC 18 Continuous Integration SDLC Step UAT/ exploratory testing Functional testing Performance load security Release Deploy Metric Understand Needs Invent Solution Develop Build Commit Idea © 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED
Conclusions © 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 19 The application security world is fluid Create concrete, actionable strategies (Threat Metric, analysis & scanning) Delivery cycles are short Update regularly with well-defined process (Agile, CI)
See us in action: www.roguewave.com Jeff Hildreth | jeff.hildreth@roguewave.com
Q&A
Agile automotive software

Empfohlen

Agile adoption for automotive systems software
Agile adoption for automotive systems softwareAgile adoption for automotive systems software
Agile adoption for automotive systems softwareJulian Holmes
 
Agile + ISO 26262: Using Agile in Automotive Development
Agile + ISO 26262: Using Agile in Automotive DevelopmentAgile + ISO 26262: Using Agile in Automotive Development
Agile + ISO 26262: Using Agile in Automotive DevelopmentIntland Software GmbH
 
Frequently Asked Question (FAQ's) on ISO 26262 Functional Safety
Frequently Asked Question (FAQ's) on ISO 26262 Functional SafetyFrequently Asked Question (FAQ's) on ISO 26262 Functional Safety
Frequently Asked Question (FAQ's) on ISO 26262 Functional SafetyEmbitel Technologies (I) PVT LTD
 
How to Achieve Functional Safety in Safety-Citical Embedded Systems
How to Achieve Functional Safety in Safety-Citical Embedded SystemsHow to Achieve Functional Safety in Safety-Citical Embedded Systems
How to Achieve Functional Safety in Safety-Citical Embedded Systemsevatjohnson
 
Kashvi Consultants Technology SBU Profile
Kashvi Consultants Technology SBU ProfileKashvi Consultants Technology SBU Profile
Kashvi Consultants Technology SBU Profilecaharshalshah
 
Managing Traceability in an Agile, Safety-critical Development Environment
Managing Traceability in an Agile, Safety-critical Development EnvironmentManaging Traceability in an Agile, Safety-critical Development Environment
Managing Traceability in an Agile, Safety-critical Development EnvironmentIntland Software GmbH
 
Automotive Functional Safety ISO 26262 Training Bootcamp - Tonex Training
Automotive Functional Safety ISO 26262 Training Bootcamp - Tonex TrainingAutomotive Functional Safety ISO 26262 Training Bootcamp - Tonex Training
Automotive Functional Safety ISO 26262 Training Bootcamp - Tonex TrainingBryan Len
 
5 Principles to Managing Your Application Lifecycle with SpiraTeam
5 Principles to Managing Your Application Lifecycle with SpiraTeam5 Principles to Managing Your Application Lifecycle with SpiraTeam
5 Principles to Managing Your Application Lifecycle with SpiraTeamAdam Sandman
 

Empfohlen

Agile adoption for automotive systems software
Agile adoption for automotive systems softwareAgile adoption for automotive systems software
Agile adoption for automotive systems softwareJulian Holmes
 
Agile + ISO 26262: Using Agile in Automotive Development
Agile + ISO 26262: Using Agile in Automotive DevelopmentAgile + ISO 26262: Using Agile in Automotive Development
Agile + ISO 26262: Using Agile in Automotive DevelopmentIntland Software GmbH
 
Frequently Asked Question (FAQ's) on ISO 26262 Functional Safety
Frequently Asked Question (FAQ's) on ISO 26262 Functional SafetyFrequently Asked Question (FAQ's) on ISO 26262 Functional Safety
Frequently Asked Question (FAQ's) on ISO 26262 Functional SafetyEmbitel Technologies (I) PVT LTD
 
How to Achieve Functional Safety in Safety-Citical Embedded Systems
How to Achieve Functional Safety in Safety-Citical Embedded SystemsHow to Achieve Functional Safety in Safety-Citical Embedded Systems
How to Achieve Functional Safety in Safety-Citical Embedded Systemsevatjohnson
 
Kashvi Consultants Technology SBU Profile
Kashvi Consultants Technology SBU ProfileKashvi Consultants Technology SBU Profile
Kashvi Consultants Technology SBU Profilecaharshalshah
 
Managing Traceability in an Agile, Safety-critical Development Environment
Managing Traceability in an Agile, Safety-critical Development EnvironmentManaging Traceability in an Agile, Safety-critical Development Environment
Managing Traceability in an Agile, Safety-critical Development EnvironmentIntland Software GmbH
 
Automotive Functional Safety ISO 26262 Training Bootcamp - Tonex Training
Automotive Functional Safety ISO 26262 Training Bootcamp - Tonex TrainingAutomotive Functional Safety ISO 26262 Training Bootcamp - Tonex Training
Automotive Functional Safety ISO 26262 Training Bootcamp - Tonex TrainingBryan Len
 
5 Principles to Managing Your Application Lifecycle with SpiraTeam
5 Principles to Managing Your Application Lifecycle with SpiraTeam5 Principles to Managing Your Application Lifecycle with SpiraTeam
5 Principles to Managing Your Application Lifecycle with SpiraTeamAdam Sandman
 
Agile Automotive (Final)
Agile Automotive (Final)Agile Automotive (Final)
Agile Automotive (Final)James Janisse
 
ISO 26262 Unit Testing | Functional Safety in Automotive
ISO 26262 Unit Testing | Functional Safety in Automotive ISO 26262 Unit Testing | Functional Safety in Automotive
ISO 26262 Unit Testing | Functional Safety in Automotive Embitel Technologies (I) PVT LTD
 
Sa fe 4.0 implementing Enterprise Agile using the Scaled Agile Framework
Sa fe 4.0 implementing Enterprise Agile using the Scaled Agile FrameworkSa fe 4.0 implementing Enterprise Agile using the Scaled Agile Framework
Sa fe 4.0 implementing Enterprise Agile using the Scaled Agile Frameworkevatjohnson
 
Afry software safety ISO26262 (Embedded @ Gothenburg Meetup)
Afry software safety ISO26262 (Embedded @ Gothenburg Meetup)Afry software safety ISO26262 (Embedded @ Gothenburg Meetup)
Afry software safety ISO26262 (Embedded @ Gothenburg Meetup)Dimitrios Platis
 
Automotive functional safety iso 26262 training bootcamp 2019
Automotive functional safety iso 26262 training bootcamp 2019Automotive functional safety iso 26262 training bootcamp 2019
Automotive functional safety iso 26262 training bootcamp 2019Tonex
 
Inflectracon2020: Advantages of Integrating a DevSecOps Pipeline with the Spi...
Inflectracon2020: Advantages of Integrating a DevSecOps Pipeline with the Spi...Inflectracon2020: Advantages of Integrating a DevSecOps Pipeline with the Spi...
Inflectracon2020: Advantages of Integrating a DevSecOps Pipeline with the Spi...Inflectra
 
Moving Towards Operability & Organising for Continuous Delivery
Moving Towards Operability & Organising for Continuous DeliveryMoving Towards Operability & Organising for Continuous Delivery
Moving Towards Operability & Organising for Continuous DeliveryEqual Experts
 
Qualification of Eclipse-based Tools according to ISO 26262
Qualification of Eclipse-based Tools according to ISO 26262Qualification of Eclipse-based Tools according to ISO 26262
Qualification of Eclipse-based Tools according to ISO 26262Oscar Slotosch
 
Methodologies 3: Using Spira for Waterfall
Methodologies 3: Using Spira for WaterfallMethodologies 3: Using Spira for Waterfall
Methodologies 3: Using Spira for WaterfallInflectra
 
ISO 26262 introduction
ISO 26262 introductionISO 26262 introduction
ISO 26262 introductionKoenLeekens
 
Building Quality into Your DevSecOps Pipelines
Building Quality into Your DevSecOps PipelinesBuilding Quality into Your DevSecOps Pipelines
Building Quality into Your DevSecOps PipelinesInflectra
 
Inflectra Enterprise Agile Planning Briefing for Gartner 2018
Inflectra Enterprise Agile Planning Briefing for Gartner 2018Inflectra Enterprise Agile Planning Briefing for Gartner 2018
Inflectra Enterprise Agile Planning Briefing for Gartner 2018Adam Sandman
 
Rapise Overview Presentation (2021)
Rapise Overview Presentation (2021)Rapise Overview Presentation (2021)
Rapise Overview Presentation (2021)Inflectra
 
Aligning QMS and Engineering Processes in Medical Product Development
Aligning QMS and Engineering Processes in Medical Product DevelopmentAligning QMS and Engineering Processes in Medical Product Development
Aligning QMS and Engineering Processes in Medical Product DevelopmentIntland Software GmbH
 
Friends & Foes of Software Test Automation - Test Automation, Demystified | W...
Friends & Foes of Software Test Automation - Test Automation, Demystified | W...Friends & Foes of Software Test Automation - Test Automation, Demystified | W...
Friends & Foes of Software Test Automation - Test Automation, Demystified | W...Inflectra
 
27 Nov 2019 – Experts Talk: Integrated MedTech Delivery from Requirements thr...
27 Nov 2019 – Experts Talk: Integrated MedTech Delivery from Requirements thr...27 Nov 2019 – Experts Talk: Integrated MedTech Delivery from Requirements thr...
27 Nov 2019 – Experts Talk: Integrated MedTech Delivery from Requirements thr...Intland Software GmbH
 
SpiraTeam Overview Presentation (2019)
SpiraTeam Overview Presentation (2019)SpiraTeam Overview Presentation (2019)
SpiraTeam Overview Presentation (2019)Inflectra
 
SpiraTest Overview Presentation (2022)
SpiraTest Overview Presentation (2022)SpiraTest Overview Presentation (2022)
SpiraTest Overview Presentation (2022)Inflectra
 
1, 2, 3 build - continuous integration for mobile apps
1, 2, 3 build - continuous integration for mobile apps1, 2, 3 build - continuous integration for mobile apps
1, 2, 3 build - continuous integration for mobile appsAlexander Pacha
 
Program And Portfolio Management
Program And Portfolio ManagementProgram And Portfolio Management
Program And Portfolio ManagementInflectra
 
Create code confidence for better application security
Create code confidence for better application security Create code confidence for better application security
Create code confidence for better application security Rogue Wave Software
 
The road towards better automotive cybersecurity
The road towards better automotive cybersecurityThe road towards better automotive cybersecurity
The road towards better automotive cybersecurityRogue Wave Software
 

Weitere ähnliche Inhalte

Was ist angesagt?

Agile Automotive (Final)
Agile Automotive (Final)Agile Automotive (Final)
Agile Automotive (Final)James Janisse
 
Sa fe 4.0 implementing Enterprise Agile using the Scaled Agile Framework
Sa fe 4.0 implementing Enterprise Agile using the Scaled Agile FrameworkSa fe 4.0 implementing Enterprise Agile using the Scaled Agile Framework
Sa fe 4.0 implementing Enterprise Agile using the Scaled Agile Frameworkevatjohnson
 
Afry software safety ISO26262 (Embedded @ Gothenburg Meetup)
Afry software safety ISO26262 (Embedded @ Gothenburg Meetup)Afry software safety ISO26262 (Embedded @ Gothenburg Meetup)
Afry software safety ISO26262 (Embedded @ Gothenburg Meetup)Dimitrios Platis
 
Automotive functional safety iso 26262 training bootcamp 2019
Automotive functional safety iso 26262 training bootcamp 2019Automotive functional safety iso 26262 training bootcamp 2019
Automotive functional safety iso 26262 training bootcamp 2019Tonex
 
Inflectracon2020: Advantages of Integrating a DevSecOps Pipeline with the Spi...
Inflectracon2020: Advantages of Integrating a DevSecOps Pipeline with the Spi...Inflectracon2020: Advantages of Integrating a DevSecOps Pipeline with the Spi...
Inflectracon2020: Advantages of Integrating a DevSecOps Pipeline with the Spi...Inflectra
 
Moving Towards Operability & Organising for Continuous Delivery
Moving Towards Operability & Organising for Continuous DeliveryMoving Towards Operability & Organising for Continuous Delivery
Moving Towards Operability & Organising for Continuous DeliveryEqual Experts
 
Qualification of Eclipse-based Tools according to ISO 26262
Qualification of Eclipse-based Tools according to ISO 26262Qualification of Eclipse-based Tools according to ISO 26262
Qualification of Eclipse-based Tools according to ISO 26262Oscar Slotosch
 
Methodologies 3: Using Spira for Waterfall
Methodologies 3: Using Spira for WaterfallMethodologies 3: Using Spira for Waterfall
Methodologies 3: Using Spira for WaterfallInflectra
 
ISO 26262 introduction
ISO 26262 introductionISO 26262 introduction
ISO 26262 introductionKoenLeekens
 
Building Quality into Your DevSecOps Pipelines
Building Quality into Your DevSecOps PipelinesBuilding Quality into Your DevSecOps Pipelines
Building Quality into Your DevSecOps PipelinesInflectra
 
Inflectra Enterprise Agile Planning Briefing for Gartner 2018
Inflectra Enterprise Agile Planning Briefing for Gartner 2018Inflectra Enterprise Agile Planning Briefing for Gartner 2018
Inflectra Enterprise Agile Planning Briefing for Gartner 2018Adam Sandman
 
Rapise Overview Presentation (2021)
Rapise Overview Presentation (2021)Rapise Overview Presentation (2021)
Rapise Overview Presentation (2021)Inflectra
 
Aligning QMS and Engineering Processes in Medical Product Development
Aligning QMS and Engineering Processes in Medical Product DevelopmentAligning QMS and Engineering Processes in Medical Product Development
Aligning QMS and Engineering Processes in Medical Product DevelopmentIntland Software GmbH
 
Friends & Foes of Software Test Automation - Test Automation, Demystified | W...
Friends & Foes of Software Test Automation - Test Automation, Demystified | W...Friends & Foes of Software Test Automation - Test Automation, Demystified | W...
Friends & Foes of Software Test Automation - Test Automation, Demystified | W...Inflectra
 
27 Nov 2019 – Experts Talk: Integrated MedTech Delivery from Requirements thr...
27 Nov 2019 – Experts Talk: Integrated MedTech Delivery from Requirements thr...27 Nov 2019 – Experts Talk: Integrated MedTech Delivery from Requirements thr...
27 Nov 2019 – Experts Talk: Integrated MedTech Delivery from Requirements thr...Intland Software GmbH
 
SpiraTeam Overview Presentation (2019)
SpiraTeam Overview Presentation (2019)SpiraTeam Overview Presentation (2019)
SpiraTeam Overview Presentation (2019)Inflectra
 
SpiraTest Overview Presentation (2022)
SpiraTest Overview Presentation (2022)SpiraTest Overview Presentation (2022)
SpiraTest Overview Presentation (2022)Inflectra
 
1, 2, 3 build - continuous integration for mobile apps
1, 2, 3 build - continuous integration for mobile apps1, 2, 3 build - continuous integration for mobile apps
1, 2, 3 build - continuous integration for mobile appsAlexander Pacha
 
Program And Portfolio Management
Program And Portfolio ManagementProgram And Portfolio Management
Program And Portfolio ManagementInflectra
 

Was ist angesagt? (20)

Agile Automotive (Final)
Agile Automotive (Final)Agile Automotive (Final)
Agile Automotive (Final)
 
ISO 26262 Unit Testing | Functional Safety in Automotive
ISO 26262 Unit Testing | Functional Safety in Automotive ISO 26262 Unit Testing | Functional Safety in Automotive
ISO 26262 Unit Testing | Functional Safety in Automotive
 
Sa fe 4.0 implementing Enterprise Agile using the Scaled Agile Framework
Sa fe 4.0 implementing Enterprise Agile using the Scaled Agile FrameworkSa fe 4.0 implementing Enterprise Agile using the Scaled Agile Framework
Sa fe 4.0 implementing Enterprise Agile using the Scaled Agile Framework
 
Afry software safety ISO26262 (Embedded @ Gothenburg Meetup)
Afry software safety ISO26262 (Embedded @ Gothenburg Meetup)Afry software safety ISO26262 (Embedded @ Gothenburg Meetup)
Afry software safety ISO26262 (Embedded @ Gothenburg Meetup)
 
Automotive functional safety iso 26262 training bootcamp 2019
Automotive functional safety iso 26262 training bootcamp 2019Automotive functional safety iso 26262 training bootcamp 2019
Automotive functional safety iso 26262 training bootcamp 2019
 
Inflectracon2020: Advantages of Integrating a DevSecOps Pipeline with the Spi...
Inflectracon2020: Advantages of Integrating a DevSecOps Pipeline with the Spi...Inflectracon2020: Advantages of Integrating a DevSecOps Pipeline with the Spi...
Inflectracon2020: Advantages of Integrating a DevSecOps Pipeline with the Spi...
 
Moving Towards Operability & Organising for Continuous Delivery
Moving Towards Operability & Organising for Continuous DeliveryMoving Towards Operability & Organising for Continuous Delivery
Moving Towards Operability & Organising for Continuous Delivery
 
Qualification of Eclipse-based Tools according to ISO 26262
Qualification of Eclipse-based Tools according to ISO 26262Qualification of Eclipse-based Tools according to ISO 26262
Qualification of Eclipse-based Tools according to ISO 26262
 
Methodologies 3: Using Spira for Waterfall
Methodologies 3: Using Spira for WaterfallMethodologies 3: Using Spira for Waterfall
Methodologies 3: Using Spira for Waterfall
 
ISO 26262 introduction
ISO 26262 introductionISO 26262 introduction
ISO 26262 introduction
 
Building Quality into Your DevSecOps Pipelines
Building Quality into Your DevSecOps PipelinesBuilding Quality into Your DevSecOps Pipelines
Building Quality into Your DevSecOps Pipelines
 
Inflectra Enterprise Agile Planning Briefing for Gartner 2018
Inflectra Enterprise Agile Planning Briefing for Gartner 2018Inflectra Enterprise Agile Planning Briefing for Gartner 2018
Inflectra Enterprise Agile Planning Briefing for Gartner 2018
 
Rapise Overview Presentation (2021)
Rapise Overview Presentation (2021)Rapise Overview Presentation (2021)
Rapise Overview Presentation (2021)
 
Aligning QMS and Engineering Processes in Medical Product Development
Aligning QMS and Engineering Processes in Medical Product DevelopmentAligning QMS and Engineering Processes in Medical Product Development
Aligning QMS and Engineering Processes in Medical Product Development
 
Friends & Foes of Software Test Automation - Test Automation, Demystified | W...
Friends & Foes of Software Test Automation - Test Automation, Demystified | W...Friends & Foes of Software Test Automation - Test Automation, Demystified | W...
Friends & Foes of Software Test Automation - Test Automation, Demystified | W...
 
27 Nov 2019 – Experts Talk: Integrated MedTech Delivery from Requirements thr...
27 Nov 2019 – Experts Talk: Integrated MedTech Delivery from Requirements thr...27 Nov 2019 – Experts Talk: Integrated MedTech Delivery from Requirements thr...
27 Nov 2019 – Experts Talk: Integrated MedTech Delivery from Requirements thr...
 
SpiraTeam Overview Presentation (2019)
SpiraTeam Overview Presentation (2019)SpiraTeam Overview Presentation (2019)
SpiraTeam Overview Presentation (2019)
 
SpiraTest Overview Presentation (2022)
SpiraTest Overview Presentation (2022)SpiraTest Overview Presentation (2022)
SpiraTest Overview Presentation (2022)
 
1, 2, 3 build - continuous integration for mobile apps
1, 2, 3 build - continuous integration for mobile apps1, 2, 3 build - continuous integration for mobile apps
1, 2, 3 build - continuous integration for mobile apps
 
Program And Portfolio Management
Program And Portfolio ManagementProgram And Portfolio Management
Program And Portfolio Management
 

Ähnlich wie Agile automotive software

Create code confidence for better application security
Create code confidence for better application security Create code confidence for better application security
Create code confidence for better application security Rogue Wave Software
 
The road towards better automotive cybersecurity
The road towards better automotive cybersecurityThe road towards better automotive cybersecurity
The road towards better automotive cybersecurityRogue Wave Software
 
Perforce on Tour 2015 - Grab Testing By the Horns and Move
Perforce on Tour 2015 - Grab Testing By the Horns and MovePerforce on Tour 2015 - Grab Testing By the Horns and Move
Perforce on Tour 2015 - Grab Testing By the Horns and MovePerforce
 
Top 5 best practice for delivering secure in-vehicle software
Top 5 best practice for delivering secure in-vehicle softwareTop 5 best practice for delivering secure in-vehicle software
Top 5 best practice for delivering secure in-vehicle softwareRogue Wave Software
 
Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization Rogue Wave Software
 
Cybersecurity overview - Open source compliance seminar
Cybersecurity overview - Open source compliance seminarCybersecurity overview - Open source compliance seminar
Cybersecurity overview - Open source compliance seminarRogue Wave Software
 
Create Agile confidence for better application security
Create Agile confidence for better application securityCreate Agile confidence for better application security
Create Agile confidence for better application securityRogue Wave Software
 
Secure SDLC in mobile software development.
Secure SDLC in mobile software development.Secure SDLC in mobile software development.
Secure SDLC in mobile software development.Mykhailo Antonishyn
 
Create code confidence for better application security
Create code confidence for better application securityCreate code confidence for better application security
Create code confidence for better application securityRogue Wave Software
 
Дмитро Терещенко, "How to secure your application with Secure SDLC"
Дмитро Терещенко, "How to secure your application with Secure SDLC"Дмитро Терещенко, "How to secure your application with Secure SDLC"
Дмитро Терещенко, "How to secure your application with Secure SDLC"Sigma Software
 
Applicaiton Security - Building The Audit Program
Applicaiton Security - Building The Audit ProgramApplicaiton Security - Building The Audit Program
Applicaiton Security - Building The Audit ProgramMichael Davis
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare ☁
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare ☁
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare ☁
 
Secure Software Development Lifecycle
Secure Software Development LifecycleSecure Software Development Lifecycle
Secure Software Development Lifecycle1&1
 
Succeeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalSucceeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalrkadayam
 
Security Culture from Concept to Maintenance: Secure Software Development Lif...
Security Culture from Concept to Maintenance: Secure Software Development Lif...Security Culture from Concept to Maintenance: Secure Software Development Lif...
Security Culture from Concept to Maintenance: Secure Software Development Lif...Dilum Bandara
 
How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks Ulf Mattsson
 
Agile Secure Software Development in a Large Software Development Organisatio...
Agile Secure Software Development in a Large Software Development Organisatio...Agile Secure Software Development in a Large Software Development Organisatio...
Agile Secure Software Development in a Large Software Development Organisatio...Achim D. Brucker
 

Ähnlich wie Agile automotive software (20)

Create code confidence for better application security
Create code confidence for better application security Create code confidence for better application security
Create code confidence for better application security
 
The road towards better automotive cybersecurity
The road towards better automotive cybersecurityThe road towards better automotive cybersecurity
The road towards better automotive cybersecurity
 
Perforce on Tour 2015 - Grab Testing By the Horns and Move
Perforce on Tour 2015 - Grab Testing By the Horns and MovePerforce on Tour 2015 - Grab Testing By the Horns and Move
Perforce on Tour 2015 - Grab Testing By the Horns and Move
 
Top 5 best practice for delivering secure in-vehicle software
Top 5 best practice for delivering secure in-vehicle softwareTop 5 best practice for delivering secure in-vehicle software
Top 5 best practice for delivering secure in-vehicle software
 
Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization
 
Cybersecurity overview - Open source compliance seminar
Cybersecurity overview - Open source compliance seminarCybersecurity overview - Open source compliance seminar
Cybersecurity overview - Open source compliance seminar
 
Create Agile confidence for better application security
Create Agile confidence for better application securityCreate Agile confidence for better application security
Create Agile confidence for better application security
 
Secure SDLC in mobile software development.
Secure SDLC in mobile software development.Secure SDLC in mobile software development.
Secure SDLC in mobile software development.
 
Create code confidence for better application security
Create code confidence for better application securityCreate code confidence for better application security
Create code confidence for better application security
 
Дмитро Терещенко, "How to secure your application with Secure SDLC"
Дмитро Терещенко, "How to secure your application with Secure SDLC"Дмитро Терещенко, "How to secure your application with Secure SDLC"
Дмитро Терещенко, "How to secure your application with Secure SDLC"
 
Applicaiton Security - Building The Audit Program
Applicaiton Security - Building The Audit ProgramApplicaiton Security - Building The Audit Program
Applicaiton Security - Building The Audit Program
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
 
Secure Software Development Lifecycle
Secure Software Development LifecycleSecure Software Development Lifecycle
Secure Software Development Lifecycle
 
Succeeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalSucceeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps final
 
Security Culture from Concept to Maintenance: Secure Software Development Lif...
Security Culture from Concept to Maintenance: Secure Software Development Lif...Security Culture from Concept to Maintenance: Secure Software Development Lif...
Security Culture from Concept to Maintenance: Secure Software Development Lif...
 
How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks
 
Agile Secure Software Development in a Large Software Development Organisatio...
Agile Secure Software Development in a Large Software Development Organisatio...Agile Secure Software Development in a Large Software Development Organisatio...
Agile Secure Software Development in a Large Software Development Organisatio...
 
Autos, Wi-Fi, and IoT
Autos, Wi-Fi, and IoTAutos, Wi-Fi, and IoT
Autos, Wi-Fi, and IoT
 

Mehr von Rogue Wave Software

The Global Influence of Open Banking, API Security, and an Open Data Perspective
The Global Influence of Open Banking, API Security, and an Open Data PerspectiveThe Global Influence of Open Banking, API Security, and an Open Data Perspective
The Global Influence of Open Banking, API Security, and an Open Data PerspectiveRogue Wave Software
 
No liftoff, touchdown, or heartbeat shall miss because of a software failure
No liftoff, touchdown, or heartbeat shall miss because of a software failureNo liftoff, touchdown, or heartbeat shall miss because of a software failure
No liftoff, touchdown, or heartbeat shall miss because of a software failureRogue Wave Software
 
Disrupt or be disrupted – Using secure APIs to drive digital transformation
Disrupt or be disrupted – Using secure APIs to drive digital transformationDisrupt or be disrupted – Using secure APIs to drive digital transformation
Disrupt or be disrupted – Using secure APIs to drive digital transformationRogue Wave Software
 
Leveraging open banking specifications for rigorous API security – What’s in...
Leveraging open banking specifications for rigorous API security – What’s in...Leveraging open banking specifications for rigorous API security – What’s in...
Leveraging open banking specifications for rigorous API security – What’s in...Rogue Wave Software
 
Adding layers of security to an API in real-time
Adding layers of security to an API in real-timeAdding layers of security to an API in real-time
Adding layers of security to an API in real-timeRogue Wave Software
 
Getting the most from your API management platform: A case study
Getting the most from your API management platform: A case studyGetting the most from your API management platform: A case study
Getting the most from your API management platform: A case studyRogue Wave Software
 
Advanced technologies and techniques for debugging HPC applications
Advanced technologies and techniques for debugging HPC applicationsAdvanced technologies and techniques for debugging HPC applications
Advanced technologies and techniques for debugging HPC applicationsRogue Wave Software
 
The forgotten route: Making Apache Camel work for you
The forgotten route: Making Apache Camel work for youThe forgotten route: Making Apache Camel work for you
The forgotten route: Making Apache Camel work for youRogue Wave Software
 
Are open source and embedded software development on a collision course?
Are open source and embedded software development on a collision course?Are open source and embedded software development on a collision course?
Are open source and embedded software development on a collision course?Rogue Wave Software
 
Three big mistakes with APIs and microservices
Three big mistakes with APIs and microservices Three big mistakes with APIs and microservices
Three big mistakes with APIs and microservices Rogue Wave Software
 
5 strategies for enterprise cloud infrastructure success
5 strategies for enterprise cloud infrastructure success5 strategies for enterprise cloud infrastructure success
5 strategies for enterprise cloud infrastructure successRogue Wave Software
 
PSD2 & Open Banking: How to go from standards to implementation and compliance
PSD2 & Open Banking: How to go from standards to implementation and compliancePSD2 & Open Banking: How to go from standards to implementation and compliance
PSD2 & Open Banking: How to go from standards to implementation and complianceRogue Wave Software
 
Java 10 and beyond: Keeping up with the language and planning for the future
Java 10 and beyond: Keeping up with the language and planning for the futureJava 10 and beyond: Keeping up with the language and planning for the future
Java 10 and beyond: Keeping up with the language and planning for the futureRogue Wave Software
 
How to keep developers happy and lawyers calm (Presented at ESC Boston)
How to keep developers happy and lawyers calm (Presented at ESC Boston)How to keep developers happy and lawyers calm (Presented at ESC Boston)
How to keep developers happy and lawyers calm (Presented at ESC Boston)Rogue Wave Software
 
Open source applied - Real world use cases (Presented at Open Source 101)
Open source applied - Real world use cases (Presented at Open Source 101)Open source applied - Real world use cases (Presented at Open Source 101)
Open source applied - Real world use cases (Presented at Open Source 101)Rogue Wave Software
 
How to migrate SourcePro apps from Solaris to Linux
How to migrate SourcePro apps from Solaris to LinuxHow to migrate SourcePro apps from Solaris to Linux
How to migrate SourcePro apps from Solaris to LinuxRogue Wave Software
 
Approaches to debugging mixed-language HPC apps
Approaches to debugging mixed-language HPC appsApproaches to debugging mixed-language HPC apps
Approaches to debugging mixed-language HPC appsRogue Wave Software
 
Enterprise Linux: Justify your migration from Red Hat to CentOS
Enterprise Linux: Justify your migration from Red Hat to CentOSEnterprise Linux: Justify your migration from Red Hat to CentOS
Enterprise Linux: Justify your migration from Red Hat to CentOSRogue Wave Software
 
Walk through an enterprise Linux migration
Walk through an enterprise Linux migrationWalk through an enterprise Linux migration
Walk through an enterprise Linux migrationRogue Wave Software
 
How to keep developers happy and lawyers calm
How to keep developers happy and lawyers calmHow to keep developers happy and lawyers calm
How to keep developers happy and lawyers calmRogue Wave Software
 

Mehr von Rogue Wave Software (20)

The Global Influence of Open Banking, API Security, and an Open Data Perspective
The Global Influence of Open Banking, API Security, and an Open Data PerspectiveThe Global Influence of Open Banking, API Security, and an Open Data Perspective
The Global Influence of Open Banking, API Security, and an Open Data Perspective
 
No liftoff, touchdown, or heartbeat shall miss because of a software failure
No liftoff, touchdown, or heartbeat shall miss because of a software failureNo liftoff, touchdown, or heartbeat shall miss because of a software failure
No liftoff, touchdown, or heartbeat shall miss because of a software failure
 
Disrupt or be disrupted – Using secure APIs to drive digital transformation
Disrupt or be disrupted – Using secure APIs to drive digital transformationDisrupt or be disrupted – Using secure APIs to drive digital transformation
Disrupt or be disrupted – Using secure APIs to drive digital transformation
 
Leveraging open banking specifications for rigorous API security – What’s in...
Leveraging open banking specifications for rigorous API security – What’s in...Leveraging open banking specifications for rigorous API security – What’s in...
Leveraging open banking specifications for rigorous API security – What’s in...
 
Adding layers of security to an API in real-time
Adding layers of security to an API in real-timeAdding layers of security to an API in real-time
Adding layers of security to an API in real-time
 
Getting the most from your API management platform: A case study
Getting the most from your API management platform: A case studyGetting the most from your API management platform: A case study
Getting the most from your API management platform: A case study
 
Advanced technologies and techniques for debugging HPC applications
Advanced technologies and techniques for debugging HPC applicationsAdvanced technologies and techniques for debugging HPC applications
Advanced technologies and techniques for debugging HPC applications
 
The forgotten route: Making Apache Camel work for you
The forgotten route: Making Apache Camel work for youThe forgotten route: Making Apache Camel work for you
The forgotten route: Making Apache Camel work for you
 
Are open source and embedded software development on a collision course?
Are open source and embedded software development on a collision course?Are open source and embedded software development on a collision course?
Are open source and embedded software development on a collision course?
 
Three big mistakes with APIs and microservices
Three big mistakes with APIs and microservices Three big mistakes with APIs and microservices
Three big mistakes with APIs and microservices
 
5 strategies for enterprise cloud infrastructure success
5 strategies for enterprise cloud infrastructure success5 strategies for enterprise cloud infrastructure success
5 strategies for enterprise cloud infrastructure success
 
PSD2 & Open Banking: How to go from standards to implementation and compliance
PSD2 & Open Banking: How to go from standards to implementation and compliancePSD2 & Open Banking: How to go from standards to implementation and compliance
PSD2 & Open Banking: How to go from standards to implementation and compliance
 
Java 10 and beyond: Keeping up with the language and planning for the future
Java 10 and beyond: Keeping up with the language and planning for the futureJava 10 and beyond: Keeping up with the language and planning for the future
Java 10 and beyond: Keeping up with the language and planning for the future
 
How to keep developers happy and lawyers calm (Presented at ESC Boston)
How to keep developers happy and lawyers calm (Presented at ESC Boston)How to keep developers happy and lawyers calm (Presented at ESC Boston)
How to keep developers happy and lawyers calm (Presented at ESC Boston)
 
Open source applied - Real world use cases (Presented at Open Source 101)
Open source applied - Real world use cases (Presented at Open Source 101)Open source applied - Real world use cases (Presented at Open Source 101)
Open source applied - Real world use cases (Presented at Open Source 101)
 
How to migrate SourcePro apps from Solaris to Linux
How to migrate SourcePro apps from Solaris to LinuxHow to migrate SourcePro apps from Solaris to Linux
How to migrate SourcePro apps from Solaris to Linux
 
Approaches to debugging mixed-language HPC apps
Approaches to debugging mixed-language HPC appsApproaches to debugging mixed-language HPC apps
Approaches to debugging mixed-language HPC apps
 
Enterprise Linux: Justify your migration from Red Hat to CentOS
Enterprise Linux: Justify your migration from Red Hat to CentOSEnterprise Linux: Justify your migration from Red Hat to CentOS
Enterprise Linux: Justify your migration from Red Hat to CentOS
 
Walk through an enterprise Linux migration
Walk through an enterprise Linux migrationWalk through an enterprise Linux migration
Walk through an enterprise Linux migration
 
How to keep developers happy and lawyers calm
How to keep developers happy and lawyers calmHow to keep developers happy and lawyers calm
How to keep developers happy and lawyers calm
 

Kürzlich hochgeladen

Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commercemanigoyal112
 
Large Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLarge Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLionel Briand
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtimeandrehoraa
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanyChristoph Pohl
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Angel Borroy López
 
Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identityteam-WIBU
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprisepreethippts
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...confluent
 
Xen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfXen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfStefano Stabellini
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Developmentvyaparkranti
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...OnePlan Solutions
 
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdfInnovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdfYashikaSharma391629
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...Technogeeks
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Natan Silnitsky
 
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...Akihiro Suda
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based projectAnoyGreter
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 

Kürzlich hochgeladen (20)

Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commerce
 
Large Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLarge Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and Repair
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtime
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
 
Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identity
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprise
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
 
Xen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfXen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdf
 
Advantages of Odoo ERP 17 for Your Business
Advantages of Odoo ERP 17 for Your BusinessAdvantages of Odoo ERP 17 for Your Business
Advantages of Odoo ERP 17 for Your Business
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Development
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
 
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdfInnovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdf
 
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort ServiceHot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
 
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based project
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 

Agile automotive software

  • 2. Presenters Jeff Hildreth, Automotive Account Manager Rogue Wave Software Ahmed Abdelrahman, Release Engineer Rogue Wave Software John Chapman, Solutions Architect Rogue Wave Software 2© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED
  • 3. Agenda • A holistic approach to cybersecurity • Blending DevOps and Agile for security • How to implement a Jenkins CI system • Examples of security defects • Q&A 3© 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED
  • 4. A holistic approach to cybersecurity
  • 5. A holistic approach to cybersecurity © 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 5 Information overload Develop an adaptive threat model Threat Model External Data Internal Threat Metric Action
  • 6. © 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 6 Threat model Most breaches result from input trust issues Threat modeling identifies, quantifies, and addresses security risks by: 1. Understanding the application & environment 2. Identifying & prioritizing threats 3. Determining mitigation actions Identify assets System overview Decompose application Identify threats Prioritize threats
  • 7. © 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 7 Security overload News Blogs, social media conferences Security standards OWASP, CWE, CERT, etc. Senator Markey report NVD, White Hat, Black Hat OEMs, internal Media More and more software running inside your car Standards and legislation Research Requirements Developers don’t know security (80% failed security knowledge survey)
  • 8. Developing a threat metric © 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 8 Build score • Automated and functional testing can give you a pass fail metric on every run of the test suite • A metric can be generated from penetration testing based on the number of exploitable paths in your code base • Software quality tools can give you a count of critical static analysis and compiler warnings • A metric can be developed based on the presence of snippets of open source code previously undetected or open source with new known vulnerabilities • All of these metrics can be generated on every build of your software
  • 9. DevOps & Agile for security
  • 10. Agile development: Integrated security © 2015 Rogue Wave Software, Inc. All Rights Reserved. 10 Adaptive Accept Sprint 1 Sprint 2 Sprint n Release Change Adjust and Track Feedback Review Next Iteration No! Yes! Release to Market Integrate and Test Integrate and Test Integrate and Test Multiple testing points Rapid feedback required “Outside” testing does not meet Agile needs
  • 11. DevOps SDLC 11 Continuous Integration SDLC Step UAT/ exploratory testing Functional testing Performance load security Release Deploy Metric Understand Needs Invent Solution Develop Build Commit Idea © 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED
  • 13. Jenkins CI © 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 13
  • 15. Load, Performance, Security…Testing phase © 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 15 Load, Performance, Security, … Testing
  • 16. Develop, commit & build © 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 16
  • 17. Develop, commit & build © 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 17
  • 18. DevOps SDLC 18 Continuous Integration SDLC Step UAT/ exploratory testing Functional testing Performance load security Release Deploy Metric Understand Needs Invent Solution Develop Build Commit Idea © 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED
  • 19. Conclusions © 2015 ROGUE WAVE SOFTWARE, INC. ALL RIGHTS RESERVED 19 The application security world is fluid Create concrete, actionable strategies (Threat Metric, analysis & scanning) Delivery cycles are short Update regularly with well-defined process (Agile, CI)
  • 20. See us in action: www.roguewave.com Jeff Hildreth | jeff.hildreth@roguewave.com
  • 21. Q&A

Hinweis der Redaktion

  1. In an Agile environment, release cycles may be measured in days rather than weeks, making testing for security and compliance more challenging. Agile requires frequent testing and rapid, continuous feedback. Shipping code to a separate group for testing, and receiving results days later, will break the Agile model. To be successful in an Agile environment, compliance and security testing and feedback must be integrated with the rest of the Agile team. Note, with Agile, “Release to Market” doesn’t always mean an external release, Potentially shippable increment, or PSI, and minimum viable product (MVP) are two terms used to describe what may or may not be released to customers. When we examine the process, testing is brought in throughout the development lifecycle, rather than waiting until the development is complete. For this reason, testers are typically part of the Agile teams, and testing user stories are built into the backlog from the outset of the sprint, or iteration.
  2. http://www.edn.com/design/automotive/4423428/Toyota-s-killer-firmware--Bad-design-and-its-consequences An example of unintended behavior introduced via a supplier.
  3. http://www.edn.com/design/automotive/4423428/Toyota-s-killer-firmware--Bad-design-and-its-consequences An example of unintended behavior introduced via a supplier.
  4. http://www.edn.com/design/automotive/4423428/Toyota-s-killer-firmware--Bad-design-and-its-consequences An example of unintended behavior introduced via a supplier.
  5. http://www.edn.com/design/automotive/4423428/Toyota-s-killer-firmware--Bad-design-and-its-consequences An example of unintended behavior introduced via a supplier.
  6. http://www.edn.com/design/automotive/4423428/Toyota-s-killer-firmware--Bad-design-and-its-consequences An example of unintended behavior introduced via a supplier.