Title: Untangling the -Ops: DevOps, GitOps, DevSecOps, FinOps, and beyond
Global Director Open Source SME and COI
Wipro Open Source Program Office
As the industry has evolved over the last two decades, the importance of streamlining and improving operations practices to meet the demand has continued to change as well. Organizations, open source communities and traditional vendors have all worked to solve the complexities that come with application development and infrastructure provisioning through automation and variant frameworks to improve efficiency and reduce cost/time to market. While there are a lot of successes in this area, what has become more and more difficult for organizations is navigating the ever-increasing number of available Ops variants, such as DevOps, DevSecOps, GitOps, FinOps, AIOps, etc., and determining which one best fits their needs. In this discussion we will examine many of the variant XxxOps solutions that exist today to provide clarity on what each can do for your organization, and considerations when selecting the best fit for your strategic vision.
Eric is the Global Director of Technical Consulting and COE Lead for the Wipro Open Source Program Office (OSPO). He provides strategic consulting services and leads the OSPO SMEs to assist clients with strategic planning, transformation, and the development of custom solutions using open source technologies. Eric has rich experience of over 20 years in the IT industry and has played varied roles such as developer, solution architect, enterprise architect and manager. His interest in open source and automation goes back to his developer days, and over the years he has gained considerable tact and expertise in leveraging open source to deliver business value and drive business agility for customers. Eric is a thought leader in areas such as DevXOps, observability and open source governance.
The world is becoming more and more digital in nature. Devices, businesses, and humans all are connected through digital channels, applications, and APIs. In this session we will explore how this new world of interconnected entities has been made possible in large part by the omnipresence of open source technologies, and how these technologies are an integral part of almost everything we see, touch and use today. We will see how the communities fuelled by diversity, collaboration, and global distribution have played a significant role in this evolution of our society.
Gilles is Director and a senior open source strategy advisor in Wipro's Open Source Program Office. Based in Geneva, Switzerland, he provides open source and blockchain strategy consulting and advisory services to Wipro's key customers worldwide.
He has a pragmatic approach to open source, and regularly advises global companies, start-ups, and venture capitalists on open source strategy, licensing issues, business models... He also believes strongly that blockchain technologies will be a natural part of the IT landscape of the coming decades, enabling a collaborative and distributed services world. He is also a user of Bitcoin and is convinced that cryptocurrencies will be key to tomorrow's shared economy models.
Prior to that, Gilles was Director of Product Management for the Quantum-Safe Network Encryption Solutions (including Quantum Key Distribution Servers) product lines, as well as for the Quantum Random Number Generators, at ID Quantique, a company that is the leader in high-performance multi-protocol network encryption, based on conventional and quantum technologies, and aiming at providing future-proof encryption for data requiring long term protection.
During his career, Gilles has always been involved in both security and open source, in particular in roles such as Chief Technology Strategist for Security and Open Source at Sun Microsystems, advising the largest accounts globally on their IT security strategy as well as their open source activities. He moved on to develop global market and business development strategies for open source and security in the public sector, still at Sun and then Oracle. He has been active as a technology evangelist, in particular for these companies, around cryptography, DRM, open source and open standards.
Many large-scale software providers use open source software as a base for their features and products. This means that a complicated piece of software contains many different components which have been sourced from various places in a typical open source scenario. However, this approach is sometimes prone to different attacks.
Attackers are constantly exploring new potential highways to infiltrate organisations by targeting their suppliers. Moreover, with the almost limitless potential of the impact of supply chain attacks on numerous customers, these types of attacks are becoming increasingly common.
A report reveals that an organisation could be vulnerable to a supply chain attack even when its own defences are quite good. Supply chain attacks are real and they are happening. SolarWinds is just a recent example. We will take a look at how supply chain attacks are different from other forms of breaches like ransomware/malware etc. and how we can prevent them. We will also look at some of the recent flaws which could potentially be used to cause a supply chain attack.
Huzaifa Sidhpurwala is a Principal Product Security Engineer who has been working with the Red Hat Product Security Team for the last ten years. He has been involved with most high-profile security issues like Heartbleed, Shellshock, etc. He is a part of various open source security teams/groups like The Mozilla Project, WebKit, PHP, Python, LibreOffice, Samba, MariaDB, Xorg, etc. Huzaifa has been a regular contributor to the Fedora project for the last ten years.
According to the 2021 Sonatype State of the Software Supply Chain report, in 2021 the world was ravaged by a 650% increase in software supply chain attacks. In reaction, the United Nations and governments all over the world launched or reinvigorated initiatives around software supply chain risk management.
Obviously your open source software supply chain is something that bears more attention, but what exactly is it, how can you learn more about it, and how can you reduce the risks involved with it?
This session will introduce you to important concepts in software supply chain management, including:
- Common approaches for learning about your open source software supply chain
- Potential risks hiding in your supply chain
- The Discover->Analyze->Remediate cycle
VM (Vicky) Brasseur spent most of her twenty-plus years in the tech industry leading software development departments and teams, providing corporate strategy, technical management, and leadership consulting for businesses, helping companies understand, use, release, and contribute to free and open source software in a way that’s good for both their bottom line and for the community.
She is the author of Forge Your Future with Open Source, the first and only book to detail how to contribute to free and open source software projects. The book is published by The Pragmatic Programmers and is available at https://fossforge.com.
Vicky has been a moderator and author for opensource.com, an author for Linux Journal, the Vice President of the Open Source Initiative, and is a frequent and popular speaker at free/open source conferences and events. She’s the proud winner of the Perl White Camel Award (2014), the O’Reilly Open Source Award (2016), and two Opensource.com Moderator’s Choice Awards (2018, 2019).