GopherCon 2019 - Trusting Your Ingredients

I spoke at a Gopherfest meetup about the Go Programming Language. Together with an awesome colleague (Miguel Torres) we talked about Project Flogo and the lessons we learned building it.

As a developer, I’ve written code and built apps, and I realized that building apps and creating a cheesecake have a lot in common. In both cases you need to have the right ingredients, you need to trust your suppliers and have transparency in your production process. I got to go to Atlanta and meet with the Docker Meetup Group there, where we got to talk about In this talk, how you can, and why you should, know what is in the app you deploy.

At the Twistlock Cloud-Native Security Day, a co-located event at KubeCon 2019, I got to talk about what cheesecake and building apps have in common. As a developer you’re responsible for the security of your app. Security in this case should be seen in the broadest sense of the word, ranging from licenses to software packages. A chef creating cheesecake has similar challenges. The ingredients of a cheesecake are similar to the software packages a developer uses. The preparation is similar to the DevOps pipeline, and recipe is similar to the licenses for developers. Messing up any of those means you have a messy kitchen, or a data breach! In this talk we’ll look at: Why do we care about licenses? How does Sec get into the early stages of DevSecOps? What can chefs and devs learn from each other?