63 subscribers
התחל במצב לא מקוון עם האפליקציה Player FM !
פודקאסטים ששווה להאזין
בחסות


1 Throwing good parties and building community (w/ Priya Parker) 38:16
Does your DevSecOps Pipeline only Function as Intended?
Manage episode 352427935 series 1264075
Understanding and articulating cybersecurity risk is hard. With the adoption of DevSecOps tools and techniques and the increased coupling between the product being built and the tools used to build them, the attack surface of the product continues to grow by incorporating segments of the development environment. Thus, many enterprises are concerned that DevSecOps pipeline weaknesses can be abused to inject exploitable vulnerabilities into their products and services.
Using Model Based Systems Engineering (MBSE), a DevSecOps model can be built that considers system assurance and enables organizations to design and execute a fully integrated DevSecOps strategy in which stakeholder needs are addressed with cybersecurity in all aspects of the DevSecOps pipeline. An assurance case can be used to show the adequacy of the model for both the pipeline and the embedded or distributed system. While builders of embedded and distributed systems want to achieve the flexibility and speed expected when applying DevSecOps, reference material and a repeatable defensible process are needed to confirm that a given DevSecOps pipeline is implemented in a secure, safe, and sustainable way.
What Attendees will Learn:
- an approach to evaluate and mitigate the risk associated with attackers exploiting DevSecOps pipeline weaknesses and vulnerabilities
- how to structure an assurance case around the core capabilities of a DevSecOps pipeline
166 פרקים
Manage episode 352427935 series 1264075
Understanding and articulating cybersecurity risk is hard. With the adoption of DevSecOps tools and techniques and the increased coupling between the product being built and the tools used to build them, the attack surface of the product continues to grow by incorporating segments of the development environment. Thus, many enterprises are concerned that DevSecOps pipeline weaknesses can be abused to inject exploitable vulnerabilities into their products and services.
Using Model Based Systems Engineering (MBSE), a DevSecOps model can be built that considers system assurance and enables organizations to design and execute a fully integrated DevSecOps strategy in which stakeholder needs are addressed with cybersecurity in all aspects of the DevSecOps pipeline. An assurance case can be used to show the adequacy of the model for both the pipeline and the embedded or distributed system. While builders of embedded and distributed systems want to achieve the flexibility and speed expected when applying DevSecOps, reference material and a repeatable defensible process are needed to confirm that a given DevSecOps pipeline is implemented in a secure, safe, and sustainable way.
What Attendees will Learn:
- an approach to evaluate and mitigate the risk associated with attackers exploiting DevSecOps pipeline weaknesses and vulnerabilities
- how to structure an assurance case around the core capabilities of a DevSecOps pipeline
166 פרקים
כל הפרקים
×
1 An Introduction to the MLOps Tool Evaluation Rubric 1:00:23

1 The State of DevSecOps in the DoD: Where We Are, and What’s Next 58:42

1 I Spy with My Hacker Eye: How Hackers Use Public Info to Crack Your Creds 57:16

1 A New Performance Zone for Software for National Security 1:02:23

1 Identifying and Mitigating Cyber Risk 47:33

1 Cyber Maturity Model Certification (CMMC): Protecting the Nation’s Defense Industrial Base 28:02

1 Threat Hunting: What Should Keep All of Us Up at Night 57:09

1 Can a Cybersecurity Parametric Cost Model be Developed? 56:25

1 Elements of Effective Communications for Cybersecurity Teams 34:00

1 Operational Resilience Fundamentals: Building Blocks of a Survivable Enterprise 52:07

1 Cybersecurity Priorities in 2025 32:21

1 Understanding the Need for Cyber Resilience: A Conversation with Ray Umerley 53:02

1 Exploring the Fundamentals of Counter AI 27:57

1 Cyber Challenges in Health Care: Managing for Operational Resilience 53:37

1 Independent Verification and Validation for Agile Projects 1:02:23

1 Generative AI and Software Engineering Education 1:02:05

1 Secure Systems Don’t Happen by Accident 59:08

1 Can You Rely on Your AI? Applying the AIR Tool to Improve Classifier Performance 38:50

1 Using a Scenario to Reason About Implementing a Zero Trust Strategy 1:02:22

1 Ask Us Anything: Supply Chain Risk Management 41:11

1 The Future of Software Engineering and Acquisition with Generative AI 1:32:10

1 Cyber Supply Chain Risk Management: No Silver Bullet 38:40

1 Ask Us Anything: Generative AI Edition 1:30:37

1 Evaluating Trustworthiness of AI Systems 1:02:08

1 Leveraging Software Bill of Materials Practices for Risk Reduction 1:02:03

1 Institutionalizing the Fundamentals of Insider Risk Management 56:33

1 What’s Wrong with ROI for Model-Based Analysis of Cyber-Physical Systems? 56:06

1 Will Rust Solve Software Security? 53:38

1 Top 5 Challenges to Overcome on Your DevSecOps Journey 1:00:36

1 Improving Analytics Using Enriched Network Flow Data 1:02:25
ברוכים הבאים אל Player FM!
Player FM סורק את האינטרנט עבור פודקאסטים באיכות גבוהה בשבילכם כדי שתהנו מהם כרגע. זה יישום הפודקאסט הטוב ביותר והוא עובד על אנדרואיד, iPhone ואינטרנט. הירשמו לסנכרון מנויים במכשירים שונים.