• Aucun résultat trouvé

Experiences with Continuous Deployment and Software Security in Google, Netflix, Facebook and others

N/A
N/A
Info
Télécharger
Protected

Academic year: 2022

Partager "Experiences with Continuous Deployment and Software Security in Google, Netflix, Facebook and others"

Copied!
1
0
0

Chargement.... (Voir le texte intégral maintenant)

Texte intégral

(1)

Experiences with Continuous Deployment and Software Security in Google, Netflix, Facebook

and others

Laurie Williams

North Carolina State University, Raleigh, North Carolina, United States

Abstract. Continuous deployment is the software engineering practice of deploying many small incremental software updates into production, leading to a continuous stream of 10s, 100s, or even 1,000s of deploy- ments per day. High-profile Internet firms such as Amazon, Etsy, Face- book, Flickr, Google, and Netflix have embraced continuous deployment.

However, the practice has not been covered in textbooks and no scien- tific publication has presented an analysis of continuous deployment.

This talk will relate experiences from the Continuous Deployment Sum- mit, which has been run annually from 2015 to 2017. We will present a security integration checklist focusing on Communication, Culture and Technology, where we conclude that the summit participants get a green light for Technology, amber for Culture, and a red light for Communica- tion.

Keywords: security, continuous deployment, DevOps

Acknowledgements

We thank the summit participants for their contribution. The work in this paper was funded under National Science Foundation grant number 4900-1318428.

Copyright2017 by the paper’s authors. Copying permitted for private and academicc purposes.

In: M.G. Jaatun, D.S. Cruzes (eds.): Proceedings of the International Workshop on Secure Software Engineering in DevOps and Agile Development (SecSE 2017), published at http://ceur-ws.org

Références

Télécharger maintenant ( PDF - 1 Page - 97.04 KB )

Documents relatifs

A Exploratory Study on R&D Strategies in Industrial Technology Security

As a result, we designed the control system for different types of portable storage devices, integrated security system for industrial technology documents, high-performance

Ontology Learning: Where are we? And where are we going?

In addition to per- formance considerations, ontology learning tools need to be fully integrated into the knowledge engineering life-cycle, working in the background and providing

Models for drug absorption from the small intestine: where are we and where are we going?

Among these models, intestinal perfusion is the most common experiment used to study the in vivo drug permeability and intestinal metabolism in different regions of the

We Have Met Technology and It Is Us

transformed, not only in the direct practical way of becoming cultivated, or shaped into objects of use in the embodied artifacts we call tools…it becomes transformed as an object

S. KAxNTOR ~We have first raised a dust and lhen compaifl, that we

~ber 5 willkiirlichen Punkten des R.~ gibt es eine Gruppe yon 32 (involutorischen) Transformationen, welche auch in jeder anderen iiber irgend 6 besonderen

What Do We Know about Software Security Evaluation? A Preliminary Study

Related to the descriptions of the properties and evaluations extracted, we captured the level of applicability between them, as they were described in the papers: most commonly

A Survey of Continuous Integration, Continuous Delivery and Continuos Deployment

The paper “Continuous Integration, Delivery, and Deployment: A Systematic Review on Approaches, Tools, Challenges, and Practices” does a great job in explaining tools, approaches,

A continuous integration system for MPD Root: Deployment and setup in GitLab

to replicate MPD Root’s organisation of source code storage on a separate server: to set up GitLab CE (the version control server) and to clone the MPD Root repository thereto;..