Don’t Expect Developers to be Security Experts!

Track: Security
Abstract
Developers are not security experts! Why not? And should they be?

We’re still learning — sometimes through trial and error — the best way to tackle security issues that won’t negatively interfere with delivering functional (and secure) software.

One thing is sure: only a subset of prevention and mitigation strategies makes sense to put on a developer’s plate. Even then, assuming all devs are equipped to handle this additional workload is unreasonable.

Melissa will define common security-related terms and lingo; share typical places to shore up applications when it comes to dependencies, packaging, and supply chain concerns; and discuss the plethora of scanning tools available today and how they actually work. Learn how to integrate a measure of security that makes sense in existing development processes and how to introduce a security culture to your team in a healthy way without exhausting your developers.

Melissa McKay
Melissa is passionate about Java, DevOps and Continuous Delivery. She is currently a Developer Advocate for JFrog, serves on the Continuous Delivery Foundation TOC and is a Co-Chair of the Interoperability SIG. She loves sharing her knowledge with the community as a developer, speaker, and author. Melissa has been recognized as a Java Champion and Docker Captain, is an international speaker at numerous events including KubeCon and DockerCon, and is co-author of the O'Reilly title, DevOps Tools for Java Developers.