NCCoE DevSecOps Workshop
Note the time change to 11 am Eastern Daylight Time
11:00 – 11:15: Introduction to NIST and the NCCoE
- NIST – Kevin Stine
11:15 – 12:15: Federal Government
This session will discuss current USG initiatives to improve the security of software and the software supply chain, such as Section 4 of Executive Order 14028 on Improving the Nation’s Cybersecurity and the ONCD Open Source Software Initiative.
12:15 – 12:20: Break
12:20 – 13:20: Industry
This session will look at how companies are implementing DevSecOps practices, both in terms of their own software and any software-related services they provide to other organizations (e.g., SaaS, PaaS). This session will also cover how companies’ current practices can support USG goals to improve the security of software and the software supply chain.
- BlackBerry – Takashi Suzuki (Slides)
- Microsoft – Adrian Diglio (Slides)
- Dell – Sam Sehgal (Slides)
- Q&As – Paul Watrobski
13:20 – 13:25: Break
13:25 – 14:25: Open-Source Community
This session will examine the current state of DevSecOps in the open-source community, and will highlight opportunities for industry, government, and others to leverage existing projects, tools, and resources and collaborate with the community on DevSecOps-related efforts.
- Linux Foundation – David Wheeler (Slides)
- Google – Michael Winser (Slides)
- Chainguard – John Speed Meyers (Slides)
- Q&As – Michael Ogata
14:25 – 14:35: Next Steps
- NIST – Paul Watrobski