NCCoE DevSecOps Workshop

Note the time change to 11 am Eastern Daylight Time

11:00 – 11:15: Introduction to NIST and the NCCoE

• NIST - Kevin Stine

11:15 – 12:15: Federal Government

This session will discuss the current USG initiatives to improve the security of software and software supply chain such as Section 4 of Executive Order 14028 on Improving the Nation’s Cybersecurity and the ONCD Open Source Software Initiative.

• NIST – Jon Boyens (Slides)
• NSF – Daniela Oliveira (Slides)
• Q&As – Michael Ogata

12:15 – 12:20: Break

12:20 – 13:20: Industry

This session will look at how companies are implementing DevSecOps practices, both in terms of their own software and any software-related services they provide to other organizations (e.g., SaaS, PaaS). This session will also cover how companies’ current practices can support USG goals to improve the security of software and software supply chain.

• BlackBerry – Takashi Suzuki (Slides)
• Microsoft – Adrian Diglio (Slides)
• Dell – Sam Sehgal (Slides)
• Q&As – Paul Watrobski

13:20 – 13:25: Break

13:25 – 14:25: Open-Source Community

This session will examine the current state of DevSecOps in the open-source community, and will highlight opportunities for industry, government, and others to leverage existing projects, tools, and resources and collaborate with the community on DevSecOps-related efforts.

• Linux Foundation – David Wheeler (Slides)
• Google – Michael Winser (Slides)
• Chainguard – John Speed Meyers (Slides)
• Q&As – Michael Ogata

14:25 – 14:35: Next Steps

• NIST - Paul Watrobski