Intersections: DevOps, Release Engineering, and Security
Derek: Good morning, Paul. There's a lot those pursuing DevOps can learn from
Release Engineering practices. I know you've got a lot of experience to
share, so let's get started.
J. Paul Reed: Good morning, it's good to be here. My background is release
engineering, although these days I am actually called a DevOps consultant. I
have about 15 years' experience doing that. That's what my presentation is
about: sort of the intersection between DevOps, Rugged DevOps, and release
engineering and wanting to explore that with the security and Rugged DevOps
communities.
Derek: In your presentation, you touched on the culture between security and
DevOps and also release engineering -- that a number of organizations have
challenges with and that's the Culture of No. There's a lot of, "Hey, we want
to move faster at h... (more)
21 DevOps and Docker Reference Architectures
When building DevOps or continuous delivery practices you can learn a great
deal from others. What choices did they make, what practices did they put
in place, and how did they connect the dots?
At Sonatype, we pulled together a set of 21 reference architectures for
folks building continuous delivery and DevOps practices using Docker. Why?
After 3,000 DevOps professionals attended our webinar on "Continuous
Integration using Docker" discussing just one reference architecture example,
we recognized there was a strong interest in the c... (more)
Analysis of 25,000 applications reveals 6.8% of packages/components used
included known defects. Organizations standardizing on components between 2 -
3 years of age can decrease defect rates substantially.
Open source and third-party packages/components live at the heart of high
velocity software development organizations. Today, an average of 106
packages / components comprise 80 - 90% of a modern application, yet few
organizations have visibility into what components are used where.
Use of known defective components leads to quality and security issues within
applications. Wh... (more)
Wow, if you ever wanted to learn about Rugged DevOps (some call it
DevSecOps), sit down for a spell with Shannon Lietz, Ian Allison and Scott
Kennedy from Intuit. We discussed a number of important topics including
internal war games, culture hacking, gamification of Rugged DevOps and
starting as a small team. There are 100 gold nuggets in this conversation for
novices and experts alike.
Derek: I have some of the Intuit DevSecOps team here with me today. We're
going to talk to them a little bit about Rugged DevOps and how things work
over at Intuit. Let's start with some introdu... (more)
I had the opportunity to catch up with Chris Corriere - DevOps Engineer at
AutoTrader - to talk about his experiences in the realm of Rugged DevOps.
We discussed automation, culture and collaboration, and which thought
leaders he is following.
Chris Corriere: Hey, I'm Chris Corriere. I'm a DevOps Engineer AutoTrader.
Derek Weeks: Today we're going to talk about Rugged DevOps. It's a subject
that's gaining a lot of traction in the community but not a lot of people are
really familiar with what it is.
DW: What's your definition of Rugged DevOps?
CC: Rugged DevOps to me is defin... (more)