Speaker
Until February 11:
✓ Transformation Day for free
✓ Team discounts
✓ Save up to £330
Until February 11:
✓ Transformation Day for free
✓ Team discounts
✓ Save up to £330
✓ Transformation Day for free
✓ Raspberry Pi or C64 Mini for free
✓ Save up to €870
Register now
✓ Transformation Day for free
✓ Raspberry Pi oder C64 Mini for free
✓ Bis zu 870€ sparen
Jetzt anmelden
✓ Workshop Day for free
✓ Raspberry Pi or C64 Mini for free
✓ Save over $840
Register now
✓ Workshop Day for free
✓ Raspberry Pi or C64 Mini for free
✓ Save over $840
Register now
Infos
14:45 - 15:30
Studio 3
Description
If we can build software in a reliable, reproducible and quick way at any time using Pipeline-as-Code and have also automated security scans as part of it, how can we quickly capture the risk landscape of agile projects to ensure we didn’t miss an important thing? Traditionally, this happens in workshops with lots of discussion and model work on the whiteboard with boxes, lines and clouds. It’s just a pity that it often stops then: Instead of a living model, a slowly but surely eroding artifact is created, while the agile project evolves at a faster pace. In order to counteract this process of decay, something has to be done continuously, something like “Threat-Model-as-Code” in the DevSecOps sense. See in this talk the ideas behind this approach: Agile developer-friendly threat modeling right from within the IDE using open-source tools. Models editable in developer IDEs and diffable in Git, which automatically derive risks including graphical diagram and report generation with recommended mitigation actions.
This Session belongs to the Diese Session gehört zum Programm vom LondonLondon, New YorkNew York and und MunichMünchen program. Take me to the program of . Hier geht es zum Programm von Berlin Berlin .