5. Poorly Managed Components Put Organizations At Risk
Security
Licensing
Business
Risk
Quality Issues
#devopsdays
6. Struts Widespread Compromise: CVE-2013-2251
Global Bank
Software Provider
Software Provider’s Customer
State University
Three-Letter Agency
Large Financial Exchange
Hundreds of Other Sites
7. Organizations Can’t Keep Pace
Complexity: One component may rely on 00s of others
Diversity: 40,000 Projects, 200MM Classes, 400K Components
Volume: Typical Enterprise Consumes 000s of Components Monthly
Change: Typical Component is Updated 4X per Year
8. What’s this got to do with DevOps?
Components are used to build applications.
Agile Development is factored into how DevOps works.
DevOps Success is dependent on supporting how applications are built today.
DevOps Must Support Component-based Development!
15. Shifting Activity Left Eliminates Downstream Impact
It’s More Than Shifting the Testing Effort
Prevent Problems from the beginning to eliminate downstream effort.
Identify Vulnerabilities early to speed development & decrease cost.
Incorporate Security into the design process vs. security as an afterthought.
Remediate Flaws vs. solely focusing on problem identification.
16. “Prevention is the Ultimate Form of Shifting Left”
Curtis Yanko
Architecture Manager – Application Development & Delivery Services
17. DevOps : A Natural Way to Assimilate Other Disciplines
Respect & Trust
CULTURE
Shared Information
Problem Solving
18. Add “Sec” to DevOps
DEV
SECURITY
OPS
QUALITY
19. Overwhelmed? Consider these Questions
Can we build an accurate inventory of our open source application components?
What applications are placing our business at risk?
20. Let Me Know if You Need Help!
If you want advice on how to get started, please talk to me during DevOpsDays, or contact me anytime…
Manfred Moser
manfred@sonatype.com
@simpligility