Following the global wave of innovation on artificial intelligence, machine learning tools, and every possible variation of GPT driven chatbots… Ishmael has been propelled to Chief Technical Officer of Paragon Logic, the most ambitious technical organization of the 21st century. But no one …
In 2023, the demand for secure software development skills is at an all-time high. As DevOps professionals, we need to focus on secure CI/CD pipelines, helping developers secure code, and securing supply chains. During this workshop we’ll discuss best practices to lock down CI pipelines and how to …
In this half-day workshop: We look at how to implement secure coding practices, and then move on to discuss the ins and outs of modern continuous integration. After we lock down our CI pipelines, we’ll look at how to find vulnerabilities in our dependencies. Armed with that information we’ll learn …
Panelist at OpenSSF Day during Open Source Summit North America.
Let’s get it out of the way early: it’s not always clear how you can best plug into organizations like OpenSSF. That’s why I’m writing this guest blog post as an “outsider.” I’m just your average tech employee who has become progressively more involved since my company, Sonatype, became members of …
Choosing the right security testing tools is hard, because each type of tool has a different purpose with unique strengths. It can get confusing, but it’s a lot easier when you can sort them into different methodologies. And the process becomes almost simple once we properly understand the different …
Organizer and host of this annual event. The topic was recently announced for 2023. Security Slam is a 30-day challenge designed to help creators and users of CNCF projects improve their software supply chain security at scale. Participants will have access to the Security Slam Library, which will …
If you’re like many developers or IT professionals, you may have mixed feelings about these lists. I get it. On one hand, you know they’re important for keeping your applications and systems secure. On the other hand, they can be overwhelming, dry, and difficult to implement. But what if …
Conference speaker & organizer for the Open Source Security Foundation info booth at 2023’s largest Java Conference in North America.
If you search for “How to Automate SBOM Creation” you’ll find a huge number of results. As a software engineer, I personally get frustrated by those results almost instantly. Instead of telling me how to automate the creation of my SBOM, most of them spend half the article telling me why I should …
In this article, we won’t be going into detail about how the vulnerability came to be or even how to patch it (in short: upgrade to the latest). Instead, we’ll be taking a quick look at what an exploit against these two new issues could be able to do- and compare it to two other common dependency …
I was in a discussion thread with folks from Cloud Native Computing Foundation and Kubernetes today, and this phrase came up again. The context was something along the lines of… “we’re afraid that will encourage low-quality contributions.” Let’s dig in to this.
Becoming a new contributor to open source software is one of the biggest obstacles I watch people hit regularly. I’ve seen a hundred false starts from recent grads and even people who have been working in tech for years. The obstacle is consistent, but the solution isn’t always simple.
Interview with Mike Vizard about deploying software to highly regulated environments.
Formally recognized for guiding leaders to restructure their open source project in a way that increased efficiency, streamlined communication, and enabled diverse contributors to reach their full potential.
Eddie Knight and Lee Faus recieved a Community Spotlight for their collaboration to push forward the Compliant Financial Infrastructure project.
