Derek Weeks, Keynote, All Day DevOps 830am GMT

•Download as PPTX, PDF•

0 likes•221 views

Derek Weeks, Keynote, All Day DevOps 830am GMT

@weekstweets

Everyone has a software supply chain.
(even if you don’t call it that)

Number of Releases Per OSS Ecosystem
Demand Drives
15,000 New
Releases Every
Day
@weekstweets

Source: Sonatype
Automation accelerates OSS downloads

npm
package
downloads

Not all components are created equal

All Countries
Show Poor
Cyber
Hygiene
1 in 7
Downloads
1 in 9
Downloads

170,000
java component
downloads annually
3,500
unique
18,870
11.1% with known
vulnerabilities
7,500 organizations analyzed
@weekstweets

Breaches increased 55% YOY

The speed of exploits has compressed 93%
Sources: Gartner, IBM, Sonatype
@weekstweets

March 7
Apache Struts releases
updated version to
thwart vulnerability
CVE-2017-5638
Today
8,780 continue to
download vulnerable
versions of Struts
57% of the Fortune 100
3 Days in March
March 8
NSA reveals Pentagon
servers scanned by
nation-states for
vulnerable Struts
instances
Struts exploit published
to Exploit-DB.
March 10
Equifax
Canada Revenue Agency
Canada Statistics
GMO Payment Gateway
The Rest of the Story
March 13
Okinawa Power
Japan Post
March 9
Cisco observes "a high number
of exploitation events."
March ’18
India’s AADHAAR
April 13
India Post
December ’17
Monero Crypto Mining
Software’s big hack
Equifax was not alone
@weekstweets

Software’s Big Hack
A shifting battlefront of attacks (March 2016 – August 2018)

DevSecOps challenge: automate faster than evil.
@weekstweets

DevSecOps automation helps

Trusted software supply chains are 2x more secure

The rising tide of regulation and software liability

Thank you.
Find me on Slack now in #keynotes.
I’ll share my slides there.
@weekstweets

More Related Content

Similar to Derek Weeks, Keynote, All Day DevOps 830am GMT

Nadog dev secops_survey

Nadog dev secops_survey

Nadog dev secops_survey

Security Software Supply Chains - Sonatype - DevSecCon Singapore March 2019

Security Software Supply Chains - Sonatype - DevSecCon Singapore March 2019

Security Software Supply Chains - Sonatype - DevSecCon Singapore March 2019

Cameron Townshend

Cameron Townshend Today’s pace of innovation and need to out “innovate” competitors can often cause developers to bypass key portions of Gene Kim’s Three Ways of DevOps - specifically to never pass a known defect downstream and emphasize performance of the entire system. As we embrace movements like CI, CD and Devops to cut down on release cycles - and innovate faster, we as developers must also embrace the reality that the risk landscape is too complex to leave “security” to just those with security in their title. Traditional methods do not cut it anymore – it’s time for DevSecOps. Instinctively, we understand how critical this is. In Sonatype’s recent 2018 DevSecOps Community report, where 2,076 IT professionals were surveyed, 48% of respondents admitted that developers know application security is important, but they don’t have the time to spend on it. Done properly, DevSecOps practices shouldn’t interrupt the DevOps pipeline - but instead aid it - preventing costly rebuilds and build breaks, down the road. By creating automated governance and compliance guardrails that are embedded early and throughout the software development lifecycle, developers have transparent access to digital guardrails integrated within our native tools — an approach that ensures security is being built in without slowing us down. These instant feedback loops detailing good or bad components have been shown to increase developer productivity by as much as 48%. Over time, this approach ensures developers procure the best components from the best suppliers, while continuously tracking components across the entire lifecycle. Attendees of this session will walk away with: Real-world examples of how large and small companies are implementing DevSecOps practices in their own delivery pipelines, and increasing developer awareness to risks Key insights from 2,076 of their peers who participated in the 2018 DevSecOps community report - including where most mature DevOps practices are focusing their security efforts A walkthrough of how security principles have been embedded in a CICD pipeline and what standards for implementation are beginning to follow suite

DevSecCon Singapore 2019: Embracing Security - A changing DevOps landscape

DevSecCon Singapore 2019: Embracing Security - A changing DevOps landscape

DevSecCon Singapore 2019: Embracing Security - A changing DevOps landscape

August was a big month for zero-day vulnerabilities, in which a total of 11 were reported. This is by far the largest number disclosed in a given month to-date. Six of these zero-day vulnerabilities impact industrial control systems, devices used in industrial sectors and critical infrastructures, across five vendors. The vulnerabilities cover a wide range of possible attacks, including remote code execution and denial of service attacks. Two further zero-day vulnerabilities were discovered in the Apple OS X operating system. When used in tandem, these two vulnerabilities can cause memory corruption in the OS X kernel and gain the attacker escalated privileges on the compromised computer. These vulnerabilities come on the heels of a new OS X threat called OSX.Sudoprint. This threat exploits a local privilege escalation vulnerability in the OS X operating system, which was patched by Apple at the beginning of August. This threat comprised over 77 percent of the OS X threats we saw on OS X endpoints this month.

Symantec intelligence report august 2015

Symantec intelligence report august 2015

Symantec intelligence report august 2015

Symantec Intelligence Report: February 2015

Symantec Intelligence Report: February 2015

Symantec Intelligence Report: February 2015

Dev Secops Software Supply Chain

Dev Secops Software Supply Chain

Dev Secops Software Supply Chain

Cameron Townshend

It’s our second all-Equifax “Open Source Insight,” as the Equifax breach unfortunately still leads the cybersecurity and open source security news cycle this week. As the Equifax breach has shown, open source security risks are a daunting reality. But that breach should never have happened — a known, fixable open source vulnerability not being remediated. Open source software — such as Apache Struts — comprises 80 to 90 percent of the code in modern applications, yet most organizations lack any visibility into the open source they are using. In response, Black Duck, the global leader in automated solutions for securing and managing open source software, announced this week the availability of a free-use tool that enables organizations to determine if they are at risk from the Apache Struts vulnerability that was exploited in the recent, high-profile Equifax breach.

Threat Check for Struts Released, Equifax Breach Dominates News

Threat Check for Struts Released, Equifax Breach Dominates News

Threat Check for Struts Released, Equifax Breach Dominates News

Black Duck by Synopsys

Attack of the killer virus!

Attack of the killer virus!

Attack of the killer virus!

Securing Modern Applications: The Data Behind DevSecOps

Securing Modern Applications: The Data Behind DevSecOps

Securing Modern Applications: The Data Behind DevSecOps

The largest data breach reported in June resulted in the exposure up 1.3 million identities. This seems like a small number when compared to the 145 million exposed in the largest breach of May. However, while reported in June, this breach also took place during the month of May. This brings the total number of identities exposed in May to over 147 million, which is the second-worst month for data breaches in the last 12 months. There was an average of 88 spear-phishing attacks per day in June. This appears to be a return of spear-phishing levels seen in the months of March and April, after the average per day dropped in May. A relatively new OSX threat by the name of OSX.Stealbit.B topped our list of OSX malware, responsible for 25.7 percent of OSX threat found on OSX systems. This threat looks for specific bitcoin-related software on OSX computers and will attempt to modify the programs in order to steal bitcoins. The number of Android variants per family reached the lowest levels seen in the last twelve months. While there was not a significant change in the number of families discovered in June, this may indicate that attackers have had more success with their current set of threats, reducing their need to create multiple variants. June was a quiet month for vulnerabilities, where (only) 438 were reported—tying the lowest number reported in the last 12 months. There were no zero day vulnerabilities disclosed during the month. Highlights from June 2014 Intelligence Report Key Findings There was an average of 88 spear-phishing attacks per day in June. The number of Android variants per family reached the lowest levels seen in the last twelve months, at 18 variants per family. The largest data breach reported in June took place in May, and resulted in the exposure of 1.3 million identities.

Symantec Intelligence Report - June 2014

Symantec Intelligence Report - June 2014

Symantec Intelligence Report - June 2014

Our vulnerability of the week is CVE-2017-9805, which resides in Apache Struts’ REST plugin, a must-have in almost all Struts enterprise deployments. Attackers can exploit the bug via HTTP requests or via any other socket connection, with a public exploit published on Thursday. Happily, on Monday the Apache Struts team released Apache Struts v2.5.13, which includes a fix for CVE-2017-9805. As always, the byword of the week is “patch and update.” Also looming large in this week’s news is the massive cyber-break-in at Equifax, where highly sensitive personal and financial information for around 143 million U.S. consumers (the editor apparently being among those affected) was compromised.

Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses

Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses

Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses

Black Duck by Synopsys

2019 04-18 -DevSecOps-software supply chain

2019 04-18 -DevSecOps-software supply chain

2019 04-18 -DevSecOps-software supply chain

Cameron Townshend

RSAC DevSecOpsDays 2018 - We are all Equifax

RSAC DevSecOpsDays 2018 - We are all Equifax

RSAC DevSecOpsDays 2018 - We are all Equifax

Open Source Insight: Equifax, Apache Struts, & CVE-2017-5638 Vulnerability

Open Source Insight: Equifax, Apache Struts, & CVE-2017-5638 Vulnerability

Open Source Insight: Equifax, Apache Struts, & CVE-2017-5638 Vulnerability

Black Duck by Synopsys

Is my software ecosystem healthy? It depends!

Is my software ecosystem healthy? It depends!

Is my software ecosystem healthy? It depends!

This issue of Open Source Insight looks at how data leaks on Amazon servers may have exposed the personal information of 198 million American voters and 14 million Verizon customers. Is the federal cybersecurity infrastructure keeping up with threats? Why do some many companies have problems keeping their software up to date? Are vulnerability tools up to snuff? All this and more open source security and cybersecurity news…

Open Source Insight: Amazon Servers Exposed Open Source & the Public Sector...

Open Source Insight: Amazon Servers Exposed Open Source & the Public Sector...

Open Source Insight: Amazon Servers Exposed Open Source & the Public Sector...

Black Duck by Synopsys

Merriam-Webster defines a totem as any supposed entity that watches over or assists a group of people, such as a family, clan, or tribe. In this presentation I will focus on how TOTEM assists in watching over and evaluating the threat an IP represents. The idea behind TOTEM is simple: compare threat information from sources such as watchlists (DShield, Emerging Threats, SenderBase, etc.) to activities with the organization (IDS/IPS, flow logs, etc.) and other locations (SANS ISC, DOE federated model, etc.). As new threat information and activity sources are added, a better evaluation can be rendered.

TOTEM: Threat Observation, Tracking, and Evaluation Model

TOTEM: Threat Observation, Tracking, and Evaluation Model

TOTEM: Threat Observation, Tracking, and Evaluation Model

Nowadays threat of previously unknown cyber-attacks are increasing because existing security systems are not able to detect them. Previously, leaking personal information by attacking the PC or destroying the system was very common cyber attacks . But the goal of recent hacking attacks has changed from leaking information and destruction of services to attacking large-scale systems such as critical infrastructures and state agencies. In the other words, existing defence technologies to counter these attacks are based on pattern matching methods which are very limited. Because of this fact, in the event of new and previously unknown attacks, detection rate becomes very low and false negative increases. To defend against these unknown attacks, which cannot be detected with existing technology, a new model based on big data analysis techniques that can extract information from a variety of sources to detect future attacks is proposed. The expectation with this model is future Advanced Persistent Threat (APT) detection and prevention.

Detecting Unknown Attacks Using Big Data Analysis

Detecting Unknown Attacks Using Big Data Analysis

Detecting Unknown Attacks Using Big Data Analysis

Fitsum ristu lakew tripwire for intrusion detection

Fitsum ristu lakew tripwire for intrusion detection

Fitsum ristu lakew tripwire for intrusion detection

FITSUM RISTU LAKEW

The number of spear phishing attacks per day continues to trend downward over the last twelve months, coming in at 45 per day in October. Of the attachments used in such email-based attacks, the .doc attachment type comprised 62.5 percent and .exe attachments made up 14.4 percent. Of the industries attacked, the category of Finance, Insurance, and Real Estate received 28 percent of all spear phishing attempts in the month of October, followed by Manufacturing at 17 percent. The largest data breach that was disclosed in October took place back in July. This breach had previously been reported; however, we learned this month that the breach resulted in the exposure of identities within 76 million households, plus information on an additional seven million small businesses. In the Mac threat landscape, OSX.Okaz was the most frequently encountered OSX risk seen on OSX endpoints, making up 28.8 percent of OSX risks. OSX.Okaz is an adware program that may modify browser homepage and search settings. Finally, ransomware as a whole continues to decline as the year progresses. However, the amount of crypto-style ransomware seen continues to increase. This particularly aggressive form of ransomware made up 55 percent of all ransomware in the month of October.

Symantec Intelligence Report - October 2014

Symantec Intelligence Report - October 2014

Symantec Intelligence Report - October 2014

Similar to Derek Weeks, Keynote, All Day DevOps 830am GMT (20)

Nadog dev secops_survey

Nadog dev secops_survey

Nadog dev secops_survey

Security Software Supply Chains - Sonatype - DevSecCon Singapore March 2019

Security Software Supply Chains - Sonatype - DevSecCon Singapore March 2019

Security Software Supply Chains - Sonatype - DevSecCon Singapore March 2019

DevSecCon Singapore 2019: Embracing Security - A changing DevOps landscape

DevSecCon Singapore 2019: Embracing Security - A changing DevOps landscape

DevSecCon Singapore 2019: Embracing Security - A changing DevOps landscape

Symantec intelligence report august 2015

Symantec intelligence report august 2015

Symantec intelligence report august 2015

Symantec Intelligence Report: February 2015

Symantec Intelligence Report: February 2015

Symantec Intelligence Report: February 2015

Dev Secops Software Supply Chain

Dev Secops Software Supply Chain

Dev Secops Software Supply Chain

Threat Check for Struts Released, Equifax Breach Dominates News

Threat Check for Struts Released, Equifax Breach Dominates News

Threat Check for Struts Released, Equifax Breach Dominates News

Attack of the killer virus!

Attack of the killer virus!

Attack of the killer virus!

Securing Modern Applications: The Data Behind DevSecOps

Securing Modern Applications: The Data Behind DevSecOps

Securing Modern Applications: The Data Behind DevSecOps

Symantec Intelligence Report - June 2014

Symantec Intelligence Report - June 2014

Symantec Intelligence Report - June 2014

Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses

Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses

Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses

2019 04-18 -DevSecOps-software supply chain

2019 04-18 -DevSecOps-software supply chain

2019 04-18 -DevSecOps-software supply chain

RSAC DevSecOpsDays 2018 - We are all Equifax

RSAC DevSecOpsDays 2018 - We are all Equifax

RSAC DevSecOpsDays 2018 - We are all Equifax

Open Source Insight: Equifax, Apache Struts, & CVE-2017-5638 Vulnerability

Open Source Insight: Equifax, Apache Struts, & CVE-2017-5638 Vulnerability

Open Source Insight: Equifax, Apache Struts, & CVE-2017-5638 Vulnerability

Is my software ecosystem healthy? It depends!

Is my software ecosystem healthy? It depends!

Is my software ecosystem healthy? It depends!

Open Source Insight: Amazon Servers Exposed Open Source & the Public Sector...

Open Source Insight: Amazon Servers Exposed Open Source & the Public Sector...

Open Source Insight: Amazon Servers Exposed Open Source & the Public Sector...

TOTEM: Threat Observation, Tracking, and Evaluation Model

TOTEM: Threat Observation, Tracking, and Evaluation Model

TOTEM: Threat Observation, Tracking, and Evaluation Model

Detecting Unknown Attacks Using Big Data Analysis

Detecting Unknown Attacks Using Big Data Analysis

Detecting Unknown Attacks Using Big Data Analysis

Fitsum ristu lakew tripwire for intrusion detection

Fitsum ristu lakew tripwire for intrusion detection

Fitsum ristu lakew tripwire for intrusion detection

Symantec Intelligence Report - October 2014

Symantec Intelligence Report - October 2014

Symantec Intelligence Report - October 2014

More from Derek E. Weeks

ABN AMRO DevSecOps Journey

ABN AMRO DevSecOps Journey

ABN AMRO DevSecOps Journey

Presentation from 18 November 2014. Software applications need to be delivered faster and across more platforms than ever. To build high quality software in short order, we’ve seen a dramatic shift from source code to component-based development, with open source and third party components providing the innovation and efficiency that developers need. Unfortunately, our dependence on components is growing faster than our ability to secure them. These shared components are not top-of-mind when considering application risk. Worse yet, components are increasingly the preferred attack surface in today’s applications. The combination of growing component usage, coupled with lack of security, requires us to urgently re-evaluate traditional application security approaches and identify practical next steps for closing this security gap. So what’s the “neglected 90%,” why is it attractive to your adversaries and what can you do about it? Plenty. Here are 7 key points, for starters. http://bit.ly/AHC_USAF

7 Reasons Your Applications are Attractive to Adversaries

7 Reasons Your Applications are Attractive to Adversaries

7 Reasons Your Applications are Attractive to Adversaries

Share Point Business Process Maturity

Share Point Business Process Maturity

Share Point Business Process Maturity

Upping the Ante -- ECM Meets BPM

Upping the Ante -- ECM Meets BPM

Upping the Ante -- ECM Meets BPM

Share Point Survey Results Fall 2011

Share Point Survey Results Fall 2011

Share Point Survey Results Fall 2011

ITXpo Adaptive Case Management, by Derek Weeks

ITXpo Adaptive Case Management, by Derek Weeks

ITXpo Adaptive Case Management, by Derek Weeks

Global 360, a leading provider is conducting an ongoing series of surveys on how businesses are using Microsoft SharePoint. The first survey , conducted in August 2010, had 886 participants. The latest iteration, from January 2011, included 830 responses. People familiar with SharePoint across many organizational roles and from multiple industries worldwide participated in the survey. The goal of the surveys is to: • Determine the breadth, depth, and trends of SharePoint usage in the market today • Understand how companies are driving value out of their implementations, and • Identify challenges related to their investment.

SharePoint Survey Results 2011

SharePoint Survey Results 2011

SharePoint Survey Results 2011

More from Derek E. Weeks (7)

ABN AMRO DevSecOps Journey

ABN AMRO DevSecOps Journey

ABN AMRO DevSecOps Journey

7 Reasons Your Applications are Attractive to Adversaries

7 Reasons Your Applications are Attractive to Adversaries

7 Reasons Your Applications are Attractive to Adversaries

Share Point Business Process Maturity

Share Point Business Process Maturity

Share Point Business Process Maturity

Upping the Ante -- ECM Meets BPM

Upping the Ante -- ECM Meets BPM

Upping the Ante -- ECM Meets BPM

Share Point Survey Results Fall 2011

Share Point Survey Results Fall 2011

Share Point Survey Results Fall 2011

ITXpo Adaptive Case Management, by Derek Weeks

ITXpo Adaptive Case Management, by Derek Weeks

ITXpo Adaptive Case Management, by Derek Weeks

SharePoint Survey Results 2011

SharePoint Survey Results 2011

SharePoint Survey Results 2011

Recently uploaded

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

Retrieval augmented generation (RAG) is the most popular style of large language model application to emerge from 2023. The most basic style of RAG works by vectorizing your data and injecting it into a vector database like Milvus for retrieval to augment the text output generated by an LLM. This is just the beginning. One of the ways that we can extend RAG, and extend AI, is through multilingual use cases. Typical RAG is done in English using embedding models that are trained in English. In this talk, we’ll explore how RAG could work in languages other than English. We’ll explore French, Chinese, and Polish.

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Introduction to Multilingual Retrieval Augmented Generation (RAG)

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

ICT role in 21st century education and its challenges

ICT role in 21st century education and its challenges

ICT role in 21st century education and its challenges

rafiqahmad00786416

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Whatsapp Number Escorts Call girls 8617370543 Available 24x7 Mcleodganj Call Girls Service Offer Genuine VIP Model Escorts Call Girls in Your Budget. Mcleodganj Call Girls Service Provide Real Call Girls Number. Make Your Sexual Pleasure Memorable with Our Mcleodganj Call Girls at Affordable Price. Top VIP Escorts Call Girls, High Profile Independent Escorts Call Girls, Housewife Women Escorts Call Girl, College Girls Escorts Call Girls, Russian Escorts Call girls Service in Your Budget.

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Architecting Cloud Native Applications

Architecting Cloud Native Applications

Architecting Cloud Native Applications

Six Myths about Ontologies: The Basics of Formal Ontology

Six Myths about Ontologies: The Basics of Formal Ontology

Six Myths about Ontologies: The Basics of Formal Ontology

johnbeverley2021

Passkeys: Developing APIs to enable passwordless authentication Cody Salas, Sr Developer Advocate | Solutions Architect - Yubico Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Following the popularity of “Cloud Revolution: Exploring the New Wave of Serverless Spatial Data,” we’re thrilled to announce this much-anticipated encore webinar. In this sequel, we’ll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you’re building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Keynote 2: APIs in 2030: The Risk of Technological Sleepwalk Paolo Malinverno, Growth Advisor - The Business of Technology Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

Discover the innovative features and strategic vision that keep WSO2 an industry leader. Explore the exciting 2024 roadmap of WSO2 API management, showcasing innovations, unified APIM/APK control plane, natural language API interaction, and cloud native agility. Discover how open source solutions, microservices architecture, and cloud native technologies unlock seamless API management in today's dynamic landscapes. Leave with a clear blueprint to revolutionize your API journey and achieve industry success!

WSO2's API Vision: Unifying Control, Empowering Developers

WSO2's API Vision: Unifying Control, Empowering Developers

WSO2's API Vision: Unifying Control, Empowering Developers

DBX First Quarter 2024 Investor Presentation

DBX First Quarter 2024 Investor Presentation

DBX First Quarter 2024 Investor Presentation

Recently uploaded (20)

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

ICT role in 21st century education and its challenges

ICT role in 21st century education and its challenges

ICT role in 21st century education and its challenges

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Architecting Cloud Native Applications

Architecting Cloud Native Applications

Architecting Cloud Native Applications

Six Myths about Ontologies: The Basics of Formal Ontology

Six Myths about Ontologies: The Basics of Formal Ontology

Six Myths about Ontologies: The Basics of Formal Ontology

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

WSO2's API Vision: Unifying Control, Empowering Developers

WSO2's API Vision: Unifying Control, Empowering Developers

WSO2's API Vision: Unifying Control, Empowering Developers

DBX First Quarter 2024 Investor Presentation

DBX First Quarter 2024 Investor Presentation

DBX First Quarter 2024 Investor Presentation

Derek Weeks, Keynote, All Day DevOps 830am GMT

1. @weekstweets

2. Everyone has a software supply chain. (even if you don’t call it that)

3. Number of Releases Per OSS Ecosystem Demand Drives 15,000 New Releases Every Day @weekstweets

4. Source: Sonatype Automation accelerates OSS downloads

5. npm package downloads

6. Not all components are created equal

7. All Countries Show Poor Cyber Hygiene 1 in 7 Downloads 1 in 9 Downloads

8. 170,000 java component downloads annually 3,500 unique 18,870 11.1% with known vulnerabilities 7,500 organizations analyzed @weekstweets

9. Breaches increased 55% YOY

10. The speed of exploits has compressed 93% Sources: Gartner, IBM, Sonatype @weekstweets

11. March 7 Apache Struts releases updated version to thwart vulnerability CVE-2017-5638 Today 8,780 continue to download vulnerable versions of Struts 57% of the Fortune 100 3 Days in March March 8 NSA reveals Pentagon servers scanned by nation-states for vulnerable Struts instances Struts exploit published to Exploit-DB. March 10 Equifax Canada Revenue Agency Canada Statistics GMO Payment Gateway The Rest of the Story March 13 Okinawa Power Japan Post March 9 Cisco observes "a high number of exploitation events." March ’18 India’s AADHAAR April 13 India Post December ’17 Monero Crypto Mining Software’s big hack Equifax was not alone @weekstweets

12. Software’s Big Hack A shifting battlefront of attacks (March 2016 – August 2018)

13. DevSecOps challenge: automate faster than evil. @weekstweets

14. DevSecOps automation helps

15. Trusted software supply chains are 2x more secure

16. The rising tide of regulation and software liability

17. Thank you. Find me on Slack now in #keynotes. I’ll share my slides there. @weekstweets

Editor's Notes

There's a really interesting site out there called moduleaccounts.com. It has a simple value, it keeps track of the number of different components, or packages that are available across the different development languages, from pipi, to nuget, to bower, to maven, components, etc. And it shows the increase in the number of these components that are available to the developer ecosystem, or the developer population, over time. We used some data from that site to see that over a thousand new open-source projects were created each day. People delivering a new kind of software, a new kind of component. Then, from the general population of all open-source projects worldwide, we were able to estimate that ten thousand new versions of components are introduced every day. There's this huge supply of components entering the ecosystem, and available to our software supply chains. When we look at the central repository that Sonatype manages, of maven style or java open-source components, we looked across 380 thousand open-source projects, and found that on average those projects were releasing fourteen new versions of their components every year. That's great from a supply chain aspect, that the suppliers are very active, actively releasing new software, actively releasing new innovations, and actively improving the software that they're making available to developers worldwide.
Ever since 2009 when John Aspaw shared Etsy’s practice of 10 deploys a day, the rest of the development industry has been trying to catch up.