|
|
|
|
“It changes the way you can run containers. People want to run containers on the task level.”
|
|
|
Devs Care About Security, But More Than the InfoSec Team?
Presenting developers as lazy about security is unfair. In fact, a recent DZone survey of 540 developers about application security indicated 54 percent think that they, the developers, should be responsible for security. If you’re a security pro, you probably just groaned.
Developers care about security, just not to the same degree as their information security counterparts. Security is just one of many considerations for developers, while the InfoSec team is continuously focused on testing and compliance. In fact, according to the same DZone survey, 60 percent said that release schedules have overridden security concerns at their organization.
The SANS Institute’s " 2017 State of Application Security: Balancing Speed and Risk" provides more perspective with its survey of 214 IT professionals, two-thirds of which work in security-focused roles. When asked about the top challenges to implementing applications security to production systems, the top response was “bridging the gap between software development, security and compliance.” The second most cited was “silos between security, development and business units.”
It appears everyone knows that testing should be integrated into the entire SDLC. Getting everyone to prioritize this is a different story. One of the biggest reasons for the continuing gap is that while testing is more likely to be a security responsibility, remediation falls into development’s laps. According to the SANS Institute report, developers are the most likely to be responsible for taking corrective action, while internal and external security testers focus on identifying problems. There is widespread agreement that communication across job roles can align goals. Another way to improve a company’s security posture could be building cross-functional teams with designations such as DevOps or DevSecOps.
Can organizational and C-level commitment be the panacea for app security? If you know of other data sources showing a link, or lack of, between InfoSec, DevOps and AppDev, please let us know.
|
|
|
At Microsoft Connect earlier this month, we sat down with Joseph Sirosh, corporate vice president of Microsoft’s Cloud AI Platform, to learn more about Microsoft’s AI technologies, including machine learning, cognitive services, the bot framework and how the company is bringing all these capabilities for developers to build applications in cloud with AI.
In this episode of The New Stack Makers podcast, Sirosh explained what machine learning, artificial intelligence and deep learning mean outside the dystopian description we see in science fiction movies.
|
|
Expanding Horizons
This month, we welcome Libby Clark into the TNS fold as our new editorial director. Libby is a top-notch editor with 15 years of experience who has already shown her leadership in the first few weeks she has been at The New Stack. Libby comes from The Linux Foundation where she led content strategy. She will be managing our entire editorial operation, overseeing the news organization and our sponsored editorial services.
Additionally, Libby will play a visible and public role for The New Stack. With her as host, our The New Stack Context podcast will be relaunched as a forum to recap the week’s most pertinent stories in our community. You might remember, we first launched Context with Scott Fulton as host, who has moved on to write about scale and data center technology for ZDNet.
Libby will host and moderate the show which we will recast as a roundtable of editors and writers from The New Stack and elsewhere to give context and perspective about the narratives that marked the week past. We’ll livestream it and podcast it, too. Look for it soon. We’ll be touting it.
|
|
|
At its annual re:Invent user conference, being held this week in Las Vegas, Amazon Web Services today made the much-anticipated plunge into supporting the Cloud Native Computing Foundation’s Kubernetes open source container orchestration engine. The company also introduced a new managed container service, a new graph database and a “serverless database,” based on the company’s Aurora (MySQL) database architecture.
|
|
|
The Turku, Finland-based Valohai bills itself the “GitHub of machine learning,” setting itself apart by not only offering machine learning Infrastructure as a Service but focusing on collaboration and ML team workflows.
|
|
|
|
JPL’s Tomas Soderstrom talking AI at Amazon Web Service’s re:Invent conference this week in Las Vegas.
|
|
|
Chef’s VP Vikram Ghosh and Accelerite CEO Nara Rajagopalan (R), at a Mindshare PR AWS party.
|
|
|
|
Amazon Web Services head of AI Matt Wood and TechCrunch’s Frederic Lardinois (R).
|
|
|
DECEMBER 6-7, 2017 // AUSTIN CONVENTION CENTER
KubeCon+CloudNativeCon
Wednesday Day of Podcasting – Kubernetes is already well established, but what’s in store for the overall cloud-native community, portability, interoperability and the projects that continue to mature? What will be the future beyond Kubernetes 1.9?
Thursday Day of Podcasting – The increased relevance of persistent data and storage reflects on a maturing container ecosystem. Meanwhile, orchestration technologies are commoditized and that means lots of questions about what truly offers customers the value add that they need build out production environments. Join us at KubeCon + CloudNativeCon as we discuss these important topics in a series of podcasts with {code} and leading technologists from the open source community.
|
|
|
DECEMBER 6-7, 2017 // AUSTIN CONVENTION CENTER
KubeCon+CloudNativeCon
Wednesday Pancakes – What is service mesh technology, why are we hearing about it and why should we care? Sponsored by Buoyant.
Thursday Pancakes – Evolving Patterns in Kubernetes and Cloud Native Technologies. Sponsored by Alcide and Chef.
|
|
|
Kubernetes emerged from a need to run cloud-native applications on a massively scaled network, and that’s exactly what it’s enabling its growing user base to do. The demand for platforms that can run web-scalable workloads means Kubernetes is increasingly under consideration by IT engineering teams, and many will choose to adopt the project.
This ebook serves as a primer for both newcomers, assessors and implementers who are looking to make the most of the ecosystem of products and services emerging around Kubernetes. We also go well beyond the basics and explore where Kubernetes fits into the DevOps pipeline, how to overcome production challenges, and considerations for Kubernetes adopters.
|
|
|
|
We are grateful for the support of our ebook foundation sponsor:
|
|
|
|
|
|
|
|
|
