All Things Quality & Security
Over the last year cybersecurity has been pushed to the mainstream media as a critical threat to everyone from threats and vulnerabilities found i our most trusted open source libraries to executive orders demanding more diligent practices to mitigate these risks.
All Things Quality & Security
Open source libraries and frameworks like npm package manager, Log4j and Spring have been a core part of many projects and now are being exposed as potential vulnerabilities causing us all to reevaluate our approach to securing our code. This last year has been an eye opening experience for many as software supply chain security attacks and vulnerabilities have been increasing at an alarming rate. Automation of DevOps components has been a key focus for many companies for years and implemented at some level of maturity successfully.
All Things Quality & Security
Motivation:
As we all know, automated testing is a great way to reduce manual effort since by this means we can leverage automation to replace the execution of tests by a human tester with virtual pipelines. So, we can eliminate not only a huge need for manpower, but also time and cost.
All Things Quality & Security
At first glance, testing may look straight-forward and simple. But not only verifying and validating the specifications, we are supposed to improve the product and the product development processes. Revealing weaknesses and improvement rooms in the product helps us to make our services better, but how about preventing them in the first place?
All Things Quality & Security
Initially:
Solutions:
All Things Quality & Security
How to start worrying and do Software Composition Analysis in a complex YOCTO project.
All Things Quality & Security
Would you eat something where you didn't know the ingredients? Likely not. Then why are you building or running software where you have no idea what is in it? A Software Bill of Materials (SBOM) is an essential artifact that helps 'make known' the dependencies and inputs of a piece of software, essentially an SBOM tells you the ingredients of the software. Do not worry if you have never heard of an SBOM, this presentation will give you both a good understanding of what it is, but also how it can be leveraged. Beyond describing the purpose and value of an SBOM and how it fits into an ov
All Things Quality & Security
Open AQAvit Test Strategy for OpenJDK binaries are based on open, transparent, robust, and adaptable test suites. We are establishing AQA as the comprehensive open quality standard for OpenJDK verification. AQAvit verification demonstrates that the product is a high-quality offering, ready for enterprise usage, and production quality inclusion criteria. It is one of the three requirements for listing at the Adoptium Marketplace.
All Things Quality & Security
There are two types of software engineers - ones who care about static analysis warnings and the ones who don't. This talk shall target both audiences by helping the former be more efficient in their work and the latter by helping them remain oblivious and delegate their work to a responsible software bot.
All Things Quality & Security
Ever seen a security-related issue that you felt should be reported? Unsure of how reporting a security issue is different than a regular bug? Developers of any level should know how to report a vulnerability. In this talk, we will talk about what CVEs are, some general vulnerability classifications, look at a few ways you can report security issues, as well as look at a few common mistakes.
All Things Quality & Security