Release Engineering & Rugged DevOps: An Intersection - J. Paul Reed
1. R E L E A S E E N G I N E E R I N G &
R U G G E D D E V O P S :
A N I N T E R S E C T I O N ?
J . PA U L R E E D
R E L E A S E E N G I N E E R I N G A P P R O A C H E S
4. R E L E A S E E N G I N E E R I N G &
R U G G E D D E V O P S :
A N I N T E R S E C T I O N !
J . PA U L R E E D
R E L E A S E E N G I N E E R I N G A P P R O A C H E S
D E V O P S C O N N E C T
AT
R S A C O N F E R E N C E
( 2 . 0 )
5. J . PA U L
R E E D
• @jpaulreed on
• Managing Partner, Release
Engineering Approaches
• 15+ years build/release engineering
experience
• Alum of The Ship Show podcast
• Today: “A DevOps Consultant™”
• Master of Science candidate in
Human Factors and Systems Safety
@jpaulreed #RuggedDevOps
6. H O W D O T H E Y
I N T E R S E C T ?
R E L E A S E E N G I N E E R I N G
A N D
R U G G E D D E V O P S :
@jpaulreed #RuggedDevOps
7. R E L E A S E E N G I N E E R I N G / S E C U R I T Y O P E R AT I O N S
S I M I L A R I T Y C H E C K L I S T
• We look… “a little off” to developers & the business™.
• We both can often be found shoveling DevOps Unicorn poop.
@jpaulreed #RuggedDevOps
9. R E L E A S E E N G I N E E R I N G / S E C U R I T Y O P E R AT I O N S
S I M I L A R I T Y C H E C K L I S T
• We look… “a little off” to developers & the business™.
• We both can often be found shoveling DevOps Unicorn poop.
• Including our work in project plans/scoping/requirements: maybe?
• But when “it” breaks, suddenly: all eyes on us. Really angry eyes.
• We have a reputation for “No.”
• The nature of our roles is undergoing a fundamental shift.
• The industry is starting to “get it.”
@jpaulreed #RuggedDevOps
11. R E L E A S E E N G I N E E R I N G ’ S I M PA C T T O / R E L AT I O N
W I T H S E C U R I T Y O P S
• Software Supply Chains
@jpaulreed #RuggedDevOps
12. One vulnerable library
in your product
is a security problem.
Multiple versions of a vulnerable library
in your product
is a release engineering problem.
— @jpaulreed
@jpaulreed #RuggedDevOps
13. R E L E A S E E N G I N E E R I N G ’ S I M PA C T T O / R E L AT I O N
W I T H S E C U R I T Y O P S
• Software Supply Chains
• “Old-fashioned” software delivery mechanisms
• Artifact management
• The bold new world of containers
• Every versioning bikeshed ever
@jpaulreed #RuggedDevOps
15. 1. The ways in which we consume
software continue to be problematic.
@jpaulreed #RuggedDevOps
16. 1. The ways in which we consume
software continue to be problematic.
2. The ways in which we produce
software continue to be problematic.
@jpaulreed #RuggedDevOps
17. 1. The ways in which we consume
software continue to be problematic
2. The ways in which we produce
software continue to be problematic
3. In many cases, we ignoring
heuristics that can help us
@jpaulreed #RuggedDevOps
25. C V S V E N D O R B R A N C H E S , G I T S T Y L E
• Creates a copy of artifacts, so they’re under your
control
• Supports a standardized version format (but you can
use your own because bike shedding!)
• Custom-patch to your heart’s content (and be able to
track them!)
• Supports developer interaction with “standard forks.”
@jpaulreed #RuggedDevOps
30. A L L A B O A R D T H E S S D O C K E R !
@jpaulreed #RuggedDevOps
31. S O W H AT ’ S I N A C O N TA I N E R , A N Y WAY ?
You don’t know.@jpaulreed #RuggedDevOps
32. “The majority of people
using Docker are using
images containing an
entire operating system
filesystem.”
Presentation:
https://speakerdeck.com/garethr/whats-inside-
that-container
@jpaulreed #RuggedDevOps
37. We’re all applying
speed and scale
to our CD pipelines.
And they may need to have
a little more security…
and a little less speed and scale.
— Security researcher
@jpaulreed #RuggedDevOps
39. U S E F U L H E U R I S T I C S W E C A N M I S S
Build Processes Taking A Lot of Time
@jpaulreed #RuggedDevOps
40. U S E F U L H E U R I S T I C S W E C A N M I S S
Build Processes You Can’t Do On a Train
@jpaulreed #RuggedDevOps
41. U S E F U L H E U R I S T I C S W E C A N M I S S
Build Artifacts You Shipped, But Can’t Find Later
@jpaulreed #RuggedDevOps
42. Think of it as housecleaning.
Software bugs are like cockroaches: they
hide in the darkest, messiest parts of your
code.
To get rid of cockroaches, you wouldn’t
hunt them down one-by-one. Instead, you’d
clean up the house and get rid of their
hiding places.
Do the same in your code.
— My undergrad CS professor
@jpaulreed #RuggedDevOps
45. Task the Two
Groups to Research
Your Software
Supply Chain
@jpaulreed #RuggedDevOps
46. Start a project that
engages other
teams with these
practices
@jpaulreed #RuggedDevOps
47. H O W D O T H E Y
I N T E R S E C T ?
R E L E A S E E N G I N E E R I N G
A N D
R U G G E D D E V O P S :
@jpaulreed #RuggedDevOps
48. H O W C A N W E
E N G A G E A N D H E L P
E A C H O T H E R M O R E ?
R E L E A S E E N G I N E E R I N G
A N D
R U G G E D D E V O P S :
@jpaulreed #RuggedDevOps
51. For a handy reminder:
http://WhoOwnsMySoftwareSupplyChain.com@jpaulreed #RuggedDevOps
52. J . PA U L R E E D
W W W. J PA U L R E E D . C O M
@ J PA U L R E E D
W W W. R E L E A S E - A P P R O A C H E S . C O M
S I M P LY S H I P. E V E RY T I M E .
53. Get
my
slides
immediately
community@alldaydevops.com