From YouTube: Hardened Containers for Software Factories Explained
A
So I'd like to talk now just a little bit about the hardened software that we discussed a few slides back and what GitLab is doing there. Now, the Air Force in particular has been very, very aggressive in standing up what are called software factories. They decided to break the traditional model of being on base, being in restricted areas.
A
They're standing up these software factories in various areas, in shared office suites, if you will, and they're being used to address various aspects of the Air Force's software needs. BESPIN is doing a lot of mobile development, and there's different camps that are addressing the different airframes, such as F-16, F-18s, U-2s, et cetera, and, in fact, it's not only the Air Force.
A
The reason for all this is because of the threat landscape today being so aggressive. Threats are coming in at a far more rapid pace than they ever have, and we need to be able to address those vulnerabilities and those threats as quickly as possible.
A
So this is just a depiction of what the Air Force's software factory status looks like. Again, there are the software factories all through the country, being used to address, as you see depicted here, a lot of different aspects of the Air Force in the DoD.
A
Now this slide is really just depicting that in the Air Force they recognize they needed to address three things to make this work, to make it DevSecOps as efficient as possible. They needed to have software that's accessible by all the Air Force departments, they needed to have a place to run it, and they needed to have a way of procuring it, it software being licenses, services, etc.
A
So, as far as where to run the software, the Air Force has stood up something called Platform One and Cloud One.
A
Platform One takes advantage of providing all of hardened approved software tools, as of this writing about 172, out to any Air Force entity that wants to use it, and they've got the processes in place to make sure that those software modules or packages are all configured the way you would want them to be. And then Cloud One really just provides cloud infrastructure to anyone in the Air Force.
A
So if you want to kind of roll your own, if you will, can certainly do that. Now, as far as the software itself being hardened, up in the top right you see Repo One and Iron Bank. Iron Bank used to be called DCAR, DoD Centralized Artifact Repository.
A
What happens is vendors like GitLab submit, on the left side under public software repositories, we submit our software to this GitLab repository that kicks off some pipelines, like we talked about earlier, that runs all types of security scans on them, and if that security, excuse me, if that software product passes, it moves into Iron Bank, where it sits in there and can be accessed by anyone wanting to use, for instance, GitLab's hardened approved container software in their environment.
A
I do want to point out at this point that GitLab in particular, it's the exact same software that's available on our regular distribution channels. It's just that all of our software has been secured and vulnerability remediation has been done to meet these DoD-level requirements, so we do not want two different code streams. Of course, we want to always offer the most secure software to everyone using GitLab.
A
And then, lastly, to the bottom, you see these basic ordering agreements, and we're not going to spend too much time on that, but that's how the DoD has enabled people to procure the licenses and services around these hardened containers. So the point being, you could say, hey, I want to use the GitLab hardened container, I want to run it in Platform One, and I'm going to go and procure the licenses for it, and these BOAs allow you to procure those licenses in days rather than weeks or hours.
A
So there's a lot of other information out there. You can scan these codes or click on the links and go ahead and obtain the documentation around this. They do a number of AMAs in the Air Force in particular, so you can go out and listen in on what's going on in Cloud One or Platform One, etc.