A Gentle Introduction to AI & ML For Developers

Artificial Intelligence and Machine Learning is not all that new. But it might be new to you! And the explosion of tools and resources around AI/ML that have flooded the ecosystem might be overwhelming.

Many developer conferences have introduced an AI/ML track, and without a basic foundation, it might be difficult to absorb a lot of this type of content. Given the rapid developments over the past few years, even if AI/ML development isn’t part of your “day” job, you may be surprised at how much you already use it — and how much you could benefit if you knew how to harness it.

This session is intended to encourage those late to the game to finally see what all the fuss is about. You will get an introduction to the main concepts, get caught up on the lingo, and will leave empowered to tinker on your own with publicly available models and data sets.

Hackers Know What You Have Running In Production. Do You?

Over 80 percent of code used in enterprise applications comes from open source dependencies, but how much attention goes towards the provenance and security of those packages? And in the pursuit of accelerated software development, developers are leveraging more and more libraries, so how do you prevent defects or malicious payloads from compromising the security of your production applications?

Securing the software supply chain is a huge undertaking for the entire tech industry. As an example of how to address production security issues, we'll explore a practical use case of applying blue/green deployments to mitigate a security issue.

How Do I Build Thee? Let Me Count The Ways!

Docker, Podman/Buildah, Kaniko, Buildpacks, Maven and Gradle plugins, and of course, manually. What are the pros and cons of these tools and how do they actually work? Leave this session with a better understanding of container image building and the expertise to confidently choose a build method for your environment.

Building cloud native applications generally implies the development of container images for portability, scalability, and ease of use in Kubernetes and other orchestration environments. Understanding the mechanics of your build is essential to protecting against inefficiency and unexpected behavior from your application running in production. Build tools are meant to ease your workload, and learning how to use them appropriately in your CI/CD process is arguably even more important than your tool choice. This session will walk through the different methods and tools available for building your container images and how to integrate them successfully into your software development pipeline.

Software Delivery and the Rube Goldberg Machine: What Is the Problem We Are Trying to Solve?

The Software Delivery Lifecycle can be complicated. Depending on your architecture and your particular deployment environment, your team may find themselves cobbling together numerous different tools and frameworks. Each tool comes with its own history and is intended to solve a subset of issues. Sometimes teams find creative ways to use tools outside of their original purpose. The end goal is to ease the process, secure, deliver, monitor, reflect, make changes, and repeat. It’s a cycle of continuous improvement. This session will discuss some of the common problems that teams face during the development and delivery process, and how organizations come together to address them. You will leave empowered and with a call to action to become part of the solution.

30 - 45 mins
General, DevOps

Taming the Wild World of Open Source

Are you consuming open source responsibly?

Knowing the benefits AND risks associated with open source are crucial to its responsible use and successful integration. Many developers are happy to consume open source libraries because they fit a need at the time and most of us do not wish to reinvent the wheel. Instead, we want to spend our efforts on innovation and the creation of NEW software! But when deciding to utilize open source, there are essential things for developers to know -- first and foremost: not all open source is created equal!

In this session, Melissa will dive into the details of how the sausage is made so that you can better evaluate projects you choose to consume. You will be able to assess licensing concerns, security concerns, as well as maintainability. If you are interested in contributing to open source, you will learn contributor's first steps and what is behind the founding and maintenance of open source projects. Melissa will also share what she has learned as a member of the Continuous Delivery Foundation (CDF) Technical Oversight Committee (TOC) about the valuable role that foundations take in ensuring the wellbeing of open source projects. She will give you the background and insight you need to discern a healthy versus unhealthy project culture.

Leave this session empowered with the information you need to make an argument for (or against!) utilizing open source libraries in your current development project.

Dear Developers, Zero CVEs != Secure Software

Mindlessly playing whack-a-mole using CVE databases is an inefficient use of a developer's time. And even if you manage to proudly proclaim zero vulnerabilities, it is still possible that your software isn't as secure as you want it to be. The security of your software goes beyond simple compliance.

During this session, Melissa will explain and provide real-world examples of the various types of security issues outside of CVEs that developers must be aware of and must consider when developing and deploying cloud-native apps.

She will share insights on how to evaluate the plethora of scanning tools available today, and about existing programs and education offered through the Linux Foundation, the OpenSSF, and OWASP. Most importantly, leave this session knowing how to make the most out of "shift-left" security and how to shore up your applications when it comes to resolving dependencies, packaging, and deploying your cloud-native applications.