David Misell, Treasurer of the DevSecOps Specialist Group
DevOps has been recognised by various BCS groups (CM, AGILE, PROMS-G, Open Source). Perhaps we are attempting to put windows and doors into the shell of a house that is DevOps. You wouldn’t leave the door open if you went on holiday; hence, DevSecOps. Attend this talk to find out more about DevOps!
David is a founder member of the specialist group, and one of his current interests is the tool Clair, which is used to monitor the security of your containers. It is an API-driven analysis engine that inspects containers layer-by-layer for known security flaws. Using Clair, you can easily build services that provide continuous monitoring for container vulnerabilities. CoreOS believes tools that improve the security of the world's infrastructure should be available for all users and vendors, so the project is open source. Clair is the foundation of the beta version of Quay Security Scanning, a new feature running now on Quay to examine the millions of containers stored there for security vulnerabilities. Quay users can log in to see Security Scanning information in their dashboard, including a list of potentially vulnerable containers in their repositories.
The GCC compiler optimisation option is often at the root of problems. David will describe how fixes can be applied before distribution to users. Currently at least one just fails the build if Docker (a leading software container platform) has vulnerabilities.
About the speaker:
David Misell MIET MBCS CISSP, Treasurer, BCS DevSecOps Specialist Group
David Misell wrote a degree programme based on IETF standards in 1989. Since then he has delivered secure networks for NATO, BT, local and Commonwealth governments. The adoption of military technology and techniques has allowed clients and customers to deliver securely over the hostile internet environment. David has maintained a secure portfolio of high-grade security products and services that actually work.
In 2010, David completed the MSc in Information Security at Royal Holloway University London, with his specialist work on SECURID becoming classified from the day he started it.
He gives about 30% of his time volunteering to improve Critical National Infrastructure and security awareness, and up-skill ex-forces and government people. He recently founded the BCS DevSecOps Specialist Group.