Please note:
On this site, there is only displayed the English speaking sessions of the OOP 2022 Digital. You can find all conference sessions, including the German speaking ones, here.
The times given in the conference program of OOP 2022 Digital correspond to Central European Time (CET).
By clicking on "EVENT MERKEN" within the lecture descriptions you can arrange your own schedule. You can view your schedule at any time using the icon in the upper right corner.
Security is an important topic, especially when developing software. But it is seen as complex and is holding everyone back, often put off until the end and delegated to an external person or group.
To be effective security needs to be a continuous part of the development process and to involve the whole team.
Security games can help to achieve this. They involve the whole team and facilitate the learning and application of security principles. They offer a way to integrate expert knowledge and make security less scary, maybe even fun.
Maximum number of participants: 50
Target Audience: Architects, Developers, Project Leaders, Testers, Security Experts
Prerequisites: General interest in security, basic development experience
Level: Basic
Vortrag Teilen
In today’s software-driven world, the integrity of software assets isn’t just a regulatory and compliance requirement, it’s critical for maintaining trust and avoiding irreparable damage to your brand and reputation. We found that Compliance, Software Chain of custody and in-App Security as well as API Security are seen as an overburdened bureaucracy. But they have to be part of your software value stream. So the question is, how they can be so lean, automated and optimized that they can contribute actual value inside your DevSecOps Approach?
Target Audience: Architects, Developers
Prerequisites: Project development experience
Level: Advanced
Extended Abstract
In today’s software-driven world, the integrity of software assets isn’t just a regulatory and compliance requirement, it’s critical for maintaining trust and avoiding irreparable damage to your brand and reputation.
The same also applies to Quality, In-App Security, and API Security in a more and more digitized world.
In a lot of case studies, we found that Compliance, Software Chain of custody and in-App Security as well as API Security are seen as an overburdened bureaucracy. But in all cases, they have to be part of your software value stream.
So the question is, how they can be so lean, automated, and optimized that they can contribute actual value inside your DevSecOps Approach? In the lecture we provide some key insight in how to solve that dilemma and integrate them into your day-to-day work.
Matthias Zieger ist seit fast 25 Jahren in der IT-Branche tätig – mit Rollen in Soft-wareentwicklung, Architektur, Testautomatisierung, Application Lifecycle Ma-nagement und DevOps für IBM, Borland, Microsoft und codecentric. In den letzten Jahren hat er große Unternehmen dabei unterstützt, ihre Software mit der Relea-se-Orchestrierung und Deployment-Automatisierung von XebiaLabs schneller in Produktion zu bringen – von klassischen Java EE-Umgebungen über Container und Cloud bis hin zu serverlosen Architekturen. Seit zwei Jahren bei Digital.ai hilft er großen Unternehmen, ihre Ziele der digitalen Transformation durch Value Stream Management schneller zu erreichen..
Machine Learning appears to have made impressive progress on many tasks from image classification to autonomous vehicle control and more. ML has become so popular that its application, though often poorly understood and partially motivated by hype, is exploding. This is not necessarily a good thing. Systematic risk is invoked by adopting ML in a haphazard fashion. Understanding and categorizing security engineering risks introduced by ML at design level is critical. This talk focuses on results of an architectural risk analysis of ML systems.
Target Audience: Architects, Technical Leads, and Developers and Security Engineers of ML Systems
Prerequisites: Risk Managers, Software Security Professionals, ML Practitioners, everyone who is confronted by ML
Level: Advanced
Extended Abstract
Machine Learning appears to have made impressive progress on many tasks including image classification, machine translation, autonomous vehicle control, playing complex games including chess, Go, and Atari video games, and more. This has led to much breathless popular press coverage of Artificial Intelligence, and has elevated deep learning to an almost magical status in the eyes of the public. ML, especially of the deep learning sort, is not magic, however. ML has become so popular that its application, though often poorly understood and partially motivated by hype, is exploding. In my view, this is not necessarily a good thing. I am concerned with the systematic risk invoked by adopting ML in a haphazard fashion. Our research at the Berryville Institute of Machine Learning (BIIML) is focused on understanding and categorizing security engineering risks introduced by ML at the design level. Though the idea of addressing security risk in ML is not a new one, most previous work has focused on either particular attacks against running ML systems (a kind of dynamic analysis) or on operational security issues surrounding ML. This talk focuses on the results of an architectural risk analysis (sometimes called a threat model) of ML systems in general. A list of the top five (of 78 known) ML security risks will be presented.
Vortrag Teilen