Building secure apps is hard. Securing the entire process of their creation is even harder. You may have the most secure deployment servers in the world, but that is of little use if the deployment depends on something built on a developer’s machine, which could be compromised far more easily.
The aim is to discuss both real-world and theoretical problems around securing applications.
Topics for talks:
- Supply chain management (SolarWinds, et al.)
- Where to draw the line
App developers are invited to present talks.
--- OLD ---
How does one account for supply chain attacks, what are some reasonable measures to take, and where should you draw the line?
By the end of the content pieces here, you will learn:
- Best practices for building secure apps.
- “Sane” dependency management.
- Supply chain management (SolarWinds, et al.)
- Code review practices, for both small and large teams.
- Reproducible builds.
Who should speak/write content?
- App developers
- Release Engineers
- DevSecOps