Trusting Your Ingredients
What Building Software And Cheesecake Have In Common

Let’s talk about numbers!
27: number of ingredients in this cake mix
@LeonStigter | Copyright © 2019 JFrog. All Rights Reserved

Let’s talk about numbers!
176: safety violations in imported food to Japan in 2016
Source: https://www.statista.com/statistics/797574/japan-imported-foods-safety-violations-standards-hazardous-substances-by-country/

Let’s talk about numbers!
976: number of packages installed for @angular/cli

Let’s talk about numbers!
For three years in a row, more than one billion records have been exposed in the first quarter of the year.

Who am I?
Leon Stigter, Developer Advocate (@LeonStigter)
• Developer Advocate
• Passionate about Serverless, Containers, and all things Cloud
• I love dad jokes, cheesecake and APIs

Introducing our main characters
• Petyr the Pastry Chef
• Arya the App Dev

Making a cheesecake
• Ingredients
• Recipe
• Kitchen stuff (whisk, bowl, spatula)
• Appliances (oven, fridge)
• Fork

Building an app
Each cheesecake item has a software counterpart:
• Ingredients → Libraries (Jars, Modules, Gems…)
• Recipe → Source code
• Kitchen stuff (whisk, bowl, spatula) → Dev tools (editor, CLI tools, VCS)
• Appliances (oven, fridge) → Build tools (CI/CD server)
• Fork → Runtime (K8s)

Let’s start with ingredients

The best ingredients for the best cheesecake
Will subpar ingredients get me the best cheesecake?

Where do I get my ingredients from?
Where do the vendors I use get the ingredients from?

What matters for ingredients?
• Trust
• End-to-end transparency
• Traceability

Where do my ingredients come from?

Trust, but verify…
Do you trust your colleagues? I hope the answer is yes.

Trust is built with consistency
Do you trust the rest of the world?

Do you trust the rest of the world?
• 98% of developers use open source tools at work
• 96% of commercial apps embed open source
• 79% of businesses use open source for key systems

Do you trust the rest of the world?
3407: number of security vulnerabilities discovered and reported in 2019
Source: https://www.cvedetails.com/vulnerability-list/year-2019/vulnerabilities.html

I think it is safe to say that…
Having trust in where your ingredients come from and who made them is important in both making cheesecake and software.

Let’s look at transparency

Following the recipe, but add a little of yourself
Kitchen brand NEFF questioned 1,500 Brits: only 7% think it’s important to follow recipes.

Protecting your recipes

Open source licenses
35 licenses:
• 13 require you to publish product sources
• 4 allow users to ask for sources on hosted software
Source: https://choosealicense.com/appendix/

Recipes in software
Source code
Developers programming in DevSecOps environments fix 11x faster than other developers.

Recipes in software: things to watch for
Common faults:
• Input validation
• Memory corruption
• Numeric errors
• Cryptographic issues
But what about:
• Hardcoded passwords
• Missing validation
• Backdoors
• Data anomalies

Choosing the right equipment

Providing visibility into your process
SECURITY: the philosophy of integrating security practices within the DevOps process. #SecurityFirst culture!
How? Introducing security earlier in the life cycle of application development.

Tool selection
77% of developers have a say in which tools their company uses.
Source: State of the Developer Nation Q3’17

Shifting left…
• DevSecOps aims to embed security in every part of the application lifecycle: run time, build time and even development time.
• It means developing more secure applications faster, refusing to accept that the two (secure and fast) are mutually exclusive!

Providing visibility into your process

Immutability and repeatability
• Immutable dependencies: the best way to guarantee issues is force push
• Lost dependencies: who doesn’t remember left-pad with Node.js?
• Internet issues: do you trust your suppliers enough?

Making your cheesecake and having it too

Buildtime, runtime, and real-time security

Recap
• Ingredients → Libraries (Jars, Modules, Gems…)
• Recipe → Source code
• Kitchen stuff (whisk, bowl, spatula) → Dev tools (editor, CLI tools, VCS)
• Appliances (oven, fridge) → Build tools (CI/CD server)
• Fork → Runtime (K8s)

Recap
• Trusting your ingredients
• Trusting your suppliers
• Transparency in your process

Thank you! Questions?
