Speaker: Brian Dawson

Last episode of Season 2 wraps up with a bit of history behind the DevOps movement and it's connection to open source and finishes with predictions on where the DevOps movement is heading in 2022.

Speakers: Dina Graves Portman and Henrik Rexed

Through six years of research, the DevOps Research and Assessment (DORA) team has identified four key metrics that indicate the performance of a software development team: 

• Deployment Frequency—How often an organization successfully releases to production
• Lead Time for Changes—The amount of time it takes a commit to get into production
• Change Failure Rate—The percentage of deployments causing a failure in production
• Time to Restore Service—How long it takes an organization to recover from a failure in production

Speaker: Aeva Black

With the explosion of interest in SBOMs, it's likely that you've just heard of a few projects for the first time -- even if those projects aren't new, they may be new to you, and you might be asking yourself, "how is X different from Y?" You might also be wondering which projects you should select in order to satisfy the requirements of the Executive Order!

As when starting out on any journey, before entering unfamiliar territory, it is important to understand the lay of the land, pack the right supplies, and get to know your traveling companions.

In this talk, a few maps of the open source supply chain landscape will be shared. Attendees will gain a sense of both the breadth and depth of the challenges ahead, and learn to identify a few essential types of tools for their journey.

Speaker: Ayelet Sachto

Learn the considerations and strategies that can make designing for reliability in production more intentional; going beyond infrastructure into operational practices and best practices for application design and operational readiness when designing an application for production.  In this episode learn more about why & what of reliability, antipatterns and principles that about building reliable systems. 

Speaker: Spyridon Maniotis

The session aims to provide an overview of the fundamental elements that foster a successful SRE adoption. Core to an SRE adoption elements such as; operating model, tenets, process engineering, skillset, technological capabilities/tactics, reconciliation with DevOps and ITSM, as well mechanisms such as "error budget" & "engagement models" will be outlined. All in relation to an "adoption at relevance". Concluding a set of lessons learned will be presented, along with key considerations to be taken when adopting, sustaining, and scaling.

Speaker: Trevor Rosen

As you're no doubt aware, SolarWinds was hit in December 2020 with a sophisticated supply chain attack perpetrated by nation state actors. In the months since, they've been working to create an entirely new build system based on a number of CNCF and CDF projects. In this talk, you'll learn about what they're building, why it's necessary, and what it's like to be on the inside when the unthinkable happens.

Speaker: Dan Lorenc 

SupplyChainSecurityCon is a new, vendor-neutral conference for security practitioners, open source developers and those interested in software supply chain security hosted by CNCF + CDF. Due to the uptick in supply chain attacks, this event is to bring the community together to discuss supply chain threats, best practices, mitigation tactics including up and coming frameworks and specifications. 

Who Should Attend
All developers and leaders interested in securing the software supply chain.
https://events.linuxfoundation.org/supplychainsecuritycon-north-america/

Speaker: Michael Friedrich

Continuous integration and delivery/deployment helps speed up development and review workflows. Developers can focus on code reliably tested in different environments. At some point, the operations team gets paged on broken pipelines and jobs being stuck. On top, the security audit unveiled plain text secret exposure and dependency exploits. The next horror story: The software cannot be deployed anymore because package dependencies are broken. In this talk we hear stories on making CI/CD pipelines more reliable and secure. Automated deployments and package/container repositories can help avoid redundant cycles and extra work hours. Monitoring/observability combined with automation ensures to sleep in busy on-call times. Learn how Dev meets Sec and Ops in the pipelines and hear best practices on efficiency, iteration and insights.