From YouTube: Securing your continuous everything strategy
A
Now software development has evolved due to the increasing requirements and complexity that is has been trying to soften the limited states. Thus, the need to increase productivity and get to market faster has led to the line between development and operations blurring into the background. DevOps allows companies to build applications, test, deploy or release, and monitor them, with the metrics or data from the production environment informing decisions for bug fixes and future proposals.
A
All these happen within the same cycle. Thus the work never stops, but we learn from the mistakes we've made and fix them immediately. But one stage is often missing, forgotten or neglected till the end: that's security, and that's where DevSecOps comes in. Now with DevSecOps, security is shifting to the left and made a priority at every stage.
A
This allows bugs, vulnerabilities and other issues to be discovered much earlier. Not just security: governance is also shifting to the left, because decision makers need to be part of the process at every stage, adding to the context and informing where, whenever, the development is moving off the product pipeline, instead of showing up just at the end of the lifecycle. But we didn't reset with reset hairplanes in the world, there has been a surge in the need for a lot of services to happen online, thus putting a strain on existing DevOps strategies.
A
Everything needs to move fast. That's where concurrent DevOps comes in. Now take, for example, the comparison between regular Microsoft Word that we use offline and Google Docs. With Word, only one person can edit a document at a time, and it needs to be handed off via email or sent through some messaging app to other people to work on, most of them concurrently.
A
This often leads to conflict, but with Docs, lots of people can be editing the same document at the same time, with version history and real-time feedback. This is what concurrent DevOps achieves: people involved in software development at every stage can be working concurrently without getting blocked by others, except, of course, when there's a dependency that needs to be resolved.
A
We use a lot of tooling and a lot of dependencies, so if any of them has bugs, the whole code will have bugs. Now, listed here are common security challenges that we are usually battling with, especially nowadays. We have things like container vulnerabilities, and because we are an industry that stands on the shoulders of giants, we use dependencies very heavily, and not vetting them before you use them in your software can be detrimental, even when you are working with safe dependencies.
A
The dependency you love so much might not fit your license requirement, which often leads to legal issues if left unchecked. There have been several discussions that we've seen online lately about changes in licenses, which often don't go well. Bugs, privilege escalation, license compliance and secret exposure are major challenges. Honing in on a few of those challenges, I will start with privilege escalation. This is the most exploited vulnerability, as it usually happens due to a vulnerability in a software or the tooling being used or the underlying operating system.
A
Images running your software, most times. Staying up to date is a remedy, but the rate at which bugs or vulnerabilities are discovered these days is way faster than the update strategy in place in some organizations. Most organizations stay versions behind, which can be an issue, especially with bug updates. Supply chain vulnerabilities are also a major source of privilege escalation. We've seen a lot in the news. We are only as secure as the tooling we use now.
A
Building images off bad base images or exposing the wrong ports are mistakes that can introduce problems into our system, thus exposing our production services. Now, secret exposure is another major concern lately. A recent research presented at the Network and Distributed System Security Symposium showed that, despite it being a well-known fact to not include secrets in repos or expose them in CI, thousands of projects on GitHub that were analyzed have secrets exposed in different forms, different types of secrets, mostly API keys or secret keys of AWS, and so on.
A
Some of these projects also assume you can simply rewrite history to fix an exposure mistake. With the right tools, bad actors can dig secrets in Git history. To learn more about the findings and see how secret exposure is a major concern, please visit the link referenced on this slide. Now, there are a lot of security checks that can be done at the various stages of the development life cycle. We have SAST, we have DAST, we have fuzz tests, especially secret detection and so on, and most of them can be automated.
A
In particular, security tools now have the ability to even automatically remediate discovered vulnerabilities, like rotating exposed AWS keys or creating a commit to correct or suggest container images, also, just changes to container images, and other fixes. But chief among these security features is vulnerability management, like a dashboard.
A
You and your security team need to have a dashboard to see the vulnerabilities discovered, which of them were automatically fixed, which of them were fixed by the developers, and those that require the attention of the security team. This way it can help inform changes that need to be made to the system and reinforcements that need to be put in place in order to avoid such vulnerabilities. On the slide here, you can see the traditional approach to security. It's often an afterthought.
A
The whole development lifecycle goes on before an assessment is done and it gets created for the development team to fix. But with DevSecOps, when your DevSecOps strategy becomes concurrent, everyone is part of the process, and everyone is involved in making sure that, as soon as security vulnerabilities are discovered, they are fixed, with a dashboard presented to your security team in order to be able to see what has been happening.
A
It involves all parts of the development lifecycle, including continuous security testing done at every stage. Security checks that you need to do need to be continuous, for every commit that is done, for every push that is done. Sorry, commits that are done. They need to be checked. They need to be tested. Images need to be checked before they are built, and those images need to be checked.