Slides for our talk at Secure360 2020 can be downloaded here.

Details on the session are posted here: https://secure360.org/session/charles-herring-metric-driven-secdevops/?conference=11809&date=20200505

Agenda

Developing software that changes the world, exceeds customer expectations, and provides turn-key functionality in diverse scenarios while meeting security and compliance requirements is the holy grail of Security Development Operations (SECDEVOPS). There are thousands of variables that need to be constantly addressed to find the balance that delivers sustainable and secure success. In this session, WitFoo’s chief engineers will outline an innovative approach to secure devops called Metric Driven Development. It will cover the following topics:
– Creating a metric collection infrastructure to alert on security and functionality deficiencies
– Utilizing metrics to write optimized unit and system tests
– The optimal value of code coverage, application pen-testing and static code analysis
– Integrating metrics into customer support evolutions
– The place of containerization in SECDEVOPS
– Building metric-driven use cases from hypothesis to pivot
By the conclusion of the session, attendees will have the tools necessary to implement lean and effective development pipelines that deliver secure and useful code in a fraction of the time and at a fraction of the development cost.

Key learning points:

  • Creating a metric collection infrastructure to alert on security and functionality deficiencies
  • Utilizing metrics to write optimized unit and system tests
  • The optimal value of code coverage, application pen-testing and static code analysis

Followup Video on Deep-dive on Metric Generation

In feedback from the session, several people wanted a deeper dive on how to code the metrics. Here is a video demonstration:

References in the deep dive:
