16:30 - 17:30
In March 2017, hackers took three days to identify and exploit a new vulnerability in Equifax’s web applications. In the post-Equifax world, moving new business requirements (e.g., a non-vulnerable version of Struts2) into production in under three days might just be your new normal. Join this session to better understand how DevSecOps teams are applying lessons from W. Edwards Deming (circa 1982), Malcolm Goldrath (circa 1984) and Gene Kim (circa 2013) to improve their ability to respond to new business requirements and cyber risks. It starts with emphasizing the performance of the entire system and never passing known defects downstream. To that end, DevOps teams are consuming billions of open source components and containerized applications to improve productivity at a massive scale. The good news: they are accelerating time to market. The bad news: many of the components and containers they are using are fraught with defects including critical security vulnerabilities. In this session I will share lessons that Deming employed decades ago to help us accelerate adoption of the right DevSecOps culture, practices, and measures today.