Tech Track Day, October 21
For this year’s Tech Track Day, Oct. 21, you can choose to attend either a technical session or an executive workshop from 9 a.m. to 4 p.m., ahead of the conference’s opening reception. The sessions will be led by Synopsys-sourced instructors. All 2019 BSIMM Community Conference attendees are invited to add this day to their registration. View registration details here or continue reading to learn more about each track.
Choice 1: Technical Session
CI/CD Workshop: Implementing a Secure Pipeline
Over the past decade, we’ve seen a shift from waterfall to agile to CI/CD and DevSecOps. As integration tools, both open source and commercial, and infrastructure-as-code have evolved, the way we develop and maintain our applications has changed significantly. While the development process has been making this shift, many software professionals have gradually moved from hands-on development to managing development and security, so we haven’t had the opportunity to fully understand this new way of developing software. This CI/CD workshop is an introductory course aimed at giving participants hands-on experience building a pipeline from start to finish. During the workshop, students will:
- Build a source repo
- Build a sample pipeline using open source tools
- Pause the pipeline with a CI orchestration tool such as Jenkins
- Break the build with integrated security tools
- Trigger out-of-band activities within the pipeline
- Work with the Metrics dashboard using SonarQube
- Deploy an application to the cloud
Requirements: The hands-on labs will walk you through building and deploying an application in a CI/CD pipeline. You will need a laptop or VM with the ability to install software.
Choice 2: Executive Workshop
Developing Strategy for Managing Change
BSIMM10 data show that digital transformation is having a profound impact on how firms are getting software security done. What used to be human-driven is now becoming bot-driven. What used to be seen as manual tasks are now approached with an automate-first mindset. What used to be written into a document is now written in code. Many engineering teams have moved into a DevOps culture and are beginning to do “software security” within their teams according to their views on priorities and risk management—often aimed at feature velocity and resiliency, not corporate risk management and compliance. SSI leaders everywhere are working to adapt their existing solutions or implement new approaches to better align their software security capabilities with both the speed and the manner in which business functionality is released.
This group discussion will focus on issues, tools, approaches, and the day-to-day realities of building bridges and driving change in today’s SSIs.
Join your colleagues in exploring how you, as SSG leaders, are managing the chaos to find practical ways to do software security faster, cheaper, and smarter in cadence with engineering. Let’s have a guided but unscripted discussion to uncover practical advice and solutions in key topics on the overarching theme of putting “Sec” into DevOps in a data-driven, agile way. The discussion will be facilitated by Synopsys consulting practice leaders, and we’ll capture the results and key takeaways generated and publish them as community guidance.
We’ll break the day into four 75-minute sessions. We’ll start with these suggested topics, but we’ll go where the conversation takes us:
- Impacts on SSI/SSG budgeting and people due to digital transformation, cloud, and DevOps
- Moving forward across people, process, and technology from a “traditional” SSI/SSG to a new partnership with Engineering
- How to show that you’re succeeding—soft and hard metrics
- Group choice
These sessions will incur a separate fee, $1,000 for the day. This price includes hotel accommodations the night of Oct. 20, and breakfast and lunch on Oct. 21 during the sessions. Complete your registration here.