GOTO Amsterdam (June 13-15, 2016) is a vendor independent international software development conference with more than 60 top speakers and 800 attendees. The conference covers topics such as Microservices, Rugged, JavaScript, Post-Agile, Data, Spring++, Connected Worlds & Philosophy.

Joshua Corman, CTO at Sonatype

Biography: Joshua Corman

Joshua Corman is the Chief Technology Officer for Sonatype. Previously, Corman served as a security researcher and strategist at Akamai Technologies, The 451 Group, and IBM Internet Security Systems.

A respected innovator, he co-founded Rugged Software and IamTheCavalry to encourage new security approaches in response to the world's increasing dependence on digital infrastructure. Josh's unique approach to security in the context of human factors, adversary motivations and social impact has helped position him as one of the most trusted names in security.

He is also an adjunct faculty for Carnegie Mellon's Heinz College, IANS Research, and a Fellow at the Ponemon Institute. Josh received his bachelor's degree in philosophy, graduating summa cum laude, from the University of New Hampshire.

Twitter: @joshcorman

Presentation: Even Faster: How Rugged DevOps & SW Supply Chains Attack Developer Waste

Track: Security & Rugged / Time: Wednesday 10:20 - 11:10 / Location: Graanbeurszaal

With continuous development, we write less code and consume more re-usable open source code. We are getting faster and more efficient. But this innovation also accelerates complexity, and complexity is the enemy of quality. Poor quality creates unplanned/unscheduled work. Re-work creates a drag on development speed. It’s a continuous loop.

Couple this complexity with the fact that this past year was open season on open source. Heartbleed, Bash Bug, Shellshock… For many it took days, weeks, even months to determine if they were impacted, where they were impacted and then make the appropriate fixes. That’s a lot of unplanned work. And those are just the vulnerabilities that made the headlines.

The good news: other industries have figured this out with supply chain management. Applying supply chain approaches to software raises the bar on continuous goals.

A few of the patterns we can take from the rigor of things like the Deming and Toyota Supply Chain:

  • Scrutinize the number and quality of your "suppliers", and use the highest-quality parts from those suppliers
  • Improve traceability and visibility
  • Ensure prompt agile responses when things go wrong

Josh will show that you can deliver applications on-time (even faster), on-budget (even more efficiently) and with a natural byproduct of higher quality and less risk by embracing supply chain principles as you embrace micro-services, containers, and continuous everything...

Prerequisite attendee experience level: beginner, but it is helpful to know a bit about application security and why it tends to cause cost and friction for Development and Operations.