Developers and Application Security: Who is Responsible?
LISA: Where systems engineering and operations professionals share real-world knowledge about designing, building, and maintaining the critical systems of our interconnected world.
The LISA conference has long served as the annual vendor-neutral meeting place for the wider system administration community. The LISA14 program recognized the overlap and differences between traditional and modern IT operations and engineering, and developed a highly-curated program around 5 key topics: Systems Engineering, Security, Culture, DevOps, and Monitoring/Metrics. The program included 22 half- and full-day training sessions; 10 workshops; and a conference program consisting of 50 invited talks, panels, refereed paper presentations, and mini-tutorials.
Mark Miller, Sonatype
In early 2014, an alliance of security organizations including Cigital, DevOps Weekly, DevOps Days, HP, Sonatype, DevOps Cafe and the Trusted Software Alliance sponsored a study to determine who is responsible when it comes to security within the development lifecycle. We will present the results of our findings. The presentation will include open discussion with sponsors of the survey, highlighting some of the disturbing findings and how we can begin to build security assurance into the SDLC.
Each attendee will receive a copy of the survey along with analysis notes.
Over the past year, I have become more concerned about software vulnerabilities we unknowingly allow into our homes and lives. What are the implications of networking our kitchen appliances, embedding open source components into everything that we touch? Why are we allowing unmoderated access to our personal information just to play simple games on our mobile devices? What does it mean to have unmonitored computer components running your car? Who is managing and validating the components that now make up 90% of most major software applications?
I am building a community of DevOps and AppSec practitioners that acknowledge these issues through the use of multiple platforms (video, podcasts, surveys, advocacy programs) to promote the active monitoring of open source, component based projects.
Mark Miller, Sonatype

Over the past year, I have become more concerned about software vulnerabilities we unknowingly allow into our homes and lives. What are the implications of networking our kitchen appliances, embedding open source components into everything that we touch? Why are we allowing unmoderated access to our personal information just to play simple games on our mobile devices? What does it mean to have unmonitored computer components running your car? Who is managing and validating the components that now make up 90% of most major software applications?
I am building a community of DevOps and AppSec practitioners that acknowledge these issues through the use of multiple platforms (video, podcasts, surveys, advocacy programs) to promote the active monitoring of open source, component based projects.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

author = {Mark Miller},
title = {Developers and Application Security: Who is Responsible? },
year = {2014},
address = {Seattle, WA},
publisher = {USENIX Association},
month = nov
}
connect with us