Loading…
Subject: OpsWorld clear filter
arrow_back View All Dates
Tuesday, February 11
 

2:00pm PST

PRO WORKSHOP: Embracing Rust for Java and TypeScript Developers LIMITED
Tuesday February 11, 2025 2:00pm - 2:50pm PST
DeveloperWeek PRO Stage
Ramnivas Laddad, Exograph, Co-founder

Rust has been the most loved programming language for the past eight years, as highlighted by StackOverflow's developer survey. Its acclaim is backed by adoption from tech giants like Microsoft, Google, and Meta. Rust's blend of expressiveness, performance, safety, and fearless concurrency makes it ideal for multi-core CPUs. Additionally, Rust's ability to compile into WebAssembly enables seamless execution in browsers and edge computing environments.

Mastering Rust can be challenging, especially for developers with a background in non-system languages. Adopting Rust with the right mindset and suitable projects is crucial for a smooth transition and successful implementation.

In this talk, we will explore Rust's core principles and provide practical guidance for developers experienced in Java, TypeScript, and like languages. We will highlight projects where Rust excels, offering high value with minimal risk.
Speakers
avatar for Ramnivas Laddad

Ramnivas Laddad

Co-founder, Exograph
Ramnivas leads the development of Exograph, a declarative approach to backends written in Rust. He has led innovation in Spring Framework and Cloud Foundry since their beginning. Ramnivas is the author of AspectJ in Action, the best-selling book on aspect-oriented programming lauded... Read More →
Tuesday February 11, 2025 2:00pm - 2:50pm PST
DeveloperWeek PRO Stage
  OpsWorld

2:00pm PST

PRO WORKSHOP: GitHub Actions: Make Them Work for You! LIMITED
Tuesday February 11, 2025 2:00pm - 2:50pm PST
DevExec World Stage
Eleftherios Chrysochoidis, Chubb, Lead API Software Engineer

GitHub Actions offer robust and free CI/CD capabilities to streamline your development process. In this presentation, we'll dive into the core components of GitHub Actions and explore how they can be set to work for you by demonstrating various simple and advanced use cases!

GitHub Actions is an ideal tool for any project hosted on GitHub. It provides CI/CD features out of the box and is accessible to everyone without the need for extra infrastructure or setup. The declarative way of creating Actions makes their usage really easy, and its remarkable free layer provides sufficient limits even for big projects.

Especially for Open Source projects, where usually there is more than a single contributor, the need for CI/CD is huge. What will happen if you own an open source project and someone creates a Pull Request with really nice features but adds Security risks in the project (e.g. due to deprecated dependencies) or if they break some of the existing functionality? Would you be able to check all of them on your own? Maybe yes, but it would take much more time compared to having them all checked automatically by utilizing GitHub Actions.

Join me to explore how to make GitHub Actions run faster by utilizing caching mechanisms, build Reports for Testing, Coverage and Security issues and integrate them with any open Pull Request in the community, to have an automated evaluation of the suggested PR and get notifications for them.
Speakers
avatar for Eleftherios Chrysochoidis

Eleftherios Chrysochoidis

Lead API Software Engineer, Chubb
Experienced Lead Software Engineer with Passion for Community EngagementWith over six years of experience in software engineering, building and maintaining robust applications, Eleftherios (or simply Lefteris) gained a deep expertise in Java and Spring Boot technologies.His passion... Read More →
Tuesday February 11, 2025 2:00pm - 2:50pm PST
DevExec World Stage
  OpsWorld

3:00pm PST

PRO WORKSHOP: Bolster Your Bug Bounty – Code Search & Variant Analysis Techniques LIMITED
Tuesday February 11, 2025 3:00pm - 3:50pm PST
DeveloperWeek PRO Stage
Milan Williams, Semgrep, Senior Product Manager
Austin Theriault, Semgrep, Software Engineer

With so many repositories, organizations can struggle to locate and remediate recurring insecure code patterns. In this talk, you will understand the fundamentals of bug bounty programs, their importance, and common inefficiencies. Attendees will learn how to perform variant analysis, refine searches to reduce false positives and find vulnerabilities quickly. By leveraging these techniques, security teams can identify and reuse previous findings, extending the impact of their bug bounty program and significantly reducing costs. This technical session also provides a detailed architectural overview of building an in-house code search engine, drawing from our own experience. We'll share our wins & woes through multiple iterations, lessons learned, and preferred technologies. Our session concludes with a practical end-to-end walkthrough of a sanitized bug bounty report. Join us to gain knowledge to implement these strategies and technologies in your own engineering practice. 
Speakers
avatar for Austin Theriault

Austin Theriault

Software Engineer, Semgrep
avatar for Milan Williams

Milan Williams

Senior Product Manager, Semgrep
Milan Williams is a Senior Product Manager at Semgrep, where she helps security engineers and developers work together to ship secure software. She recently graduated from Harvard University with degrees in Computer Science and Physics. In her free time, you can find her running in... Read More →
Tuesday February 11, 2025 3:00pm - 3:50pm PST
DeveloperWeek PRO Stage
  OpsWorld

4:00pm PST

PRO WORKSHOP: The Dark Side of Open Source Productivity LIMITED
Tuesday February 11, 2025 4:00pm - 4:50pm PST
DeveloperWeek PRO Stage
Derek Francour, Endor Labs, Solutions

There is a dark side to productivity with open source. In modern applications, the majority of code on which an application is built isn’t code written by your team. Modern applications are built on the backs of volunteer communities and open-source software. These volunteers and their software delivery practices all become potential attack vectors. The truth is that most organizations do not factor open-source supply chain attacks into their organization’s threat models today. Security incidents such as the CodeCov bash uploader script, the npm colors, and faker intentionally introduced malicious commits, and the recent PyPi backdoors targeting AWS credentials highlight the impact of supply chain attacks as a scalable attack pattern. To spread awareness on supply chain attacks so that organizations can scalably handle them we propose baking supply chain attacks into existing threat modeling procedures and software development culture so that organizations can champion supply chain management of open source in the places where they are most impactful, at development time. We will present a comprehensive, comprehensible, and technology-agnostic taxonomy of attack vectors, created on the basis of hundreds of real-world incidents and validated by experts in the domain. Following, we will discuss the types of defenses you can put in place to detect and respond to such modern day attacks and how you can work these defenses in based on your program’s maturity. 
Speakers
avatar for Derek Francour

Derek Francour

Solutions, Endor Labs
As a Solutions Architect at Endor Labs, Derek Francour helps teams implement application security programs that don't slow down developers and make upgrading open source dependencies easier. Previously, Derek worked in Healthcare IT as a full-stack web developer and solutions engineer... Read More →
Tuesday February 11, 2025 4:00pm - 4:50pm PST
DeveloperWeek PRO Stage
  Cloud Native World
 
Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.
Filtered by Date - 
Clear filter
Monday, February 10
Tuesday, February 11
Wednesday, February 12
Thursday, February 13
Tuesday, February 18
Wednesday, February 19
Thursday, February 20
AI DevWorld Stage
AI DevWorld MAIN STAGE
CloudNative World Stage
Dev Innovation World Stage
Dev Security World Stage
DeveloperWeek MAIN STAGE
DeveloperWeek PRO Stage
DevExec World Stage
Frontend World Stage
Hyatt Regency Santa Clara
Hyatt Regency Santa Clara - Lobby
OpsWorld Stage
ProductWorld MAIN STAGE
Roundtables
Santa Clara Convention Center - Expo Hall
Santa Clara Convention Center - Main Lobby
VIRTUAL AI DevWorld Main Stage
VIRTUAL AI DevWorld Stage
VIRTUAL AI DevWorld Stage 1
VIRTUAL Cloud Native World
VIRTUAL Dev Exec World
VIRTUAL Dev Innovation World
VIRTUAL Dev Security World
VIRTUAL DeveloperWeek MAIN STAGE
VIRTUAL DeveloperWeek PRO STAGE
VIRTUAL Expo Hall
VIRTUAL Frontend World
VIRTUAL OpsWorld
VIRTUAL ProductWorld Main Stage
  • 1. Badge Pick-up & Registration
  • 2. Community Events & Experiences
  • 3. Expo Hours
  • 4. Hackathon
  • 5. KEYNOTES & FEATURED
  • AI DevWorld
  • Cloud Native World
  • Dev Exec World
  • Dev Innovation World
  • Dev Security World
  • Frontend World
  • OpsWorld
  • ProductWorld
  • Tracks & Topics
  • AI & ML Certificate
  • API Certificate
  • APIs & Microservices
  • Blockchain & Web3
  • Cloud Management Certificate
  • Data Engineering
  • Data Management and Engineering Certificate
  • Dev Career
  • Dev Leadership Certificate
  • Developer Experience (DX)
  • Developer Tools
  • DevOps
  • DevOps Certificate
  • Enterprise
  • Frontend Certificate
  • Gen AI / LLMs
  • Open Source Strategy
  • Platform Engineering
  • Product Certificate
  • Security Certificate
  • Technical Leadership & Management
  • Session Type
  • OPEN Session
  • PRO Session
  • PRO Workshop Day (Tues)
  • Conferences
  • AI & Organizational Change Management (AI DevWorld)
  • AI DevWorld
  • AI DevWorld: AI Strategy Conference
  • AI DevWorld: AI/ML Engineering Conference
  • AI DevWorld: Industry AI Conference
  • AI Ethics (AI DevWorld)
  • AI for the Enterprise (AI DevWorld)
  • AI Security & Governance & Compliance (AI DevWorld)
  • Applied AI Innovation (AI DevWorld)
  • Applied Machine Learning (AI DevWorld)
  • Bots & Language Processing (AI DevWorld)
  • Cloud Native World
  • Data Science & Predictive Models (AI DevWorld)
  • Deep AI Learning & Neural Networks (AI DevWorld)
  • Dev Exec World
  • Dev Innovation World
  • Dev Security World
  • Finance/FinTech AI (AI DevWorld)
  • Frontend World
  • Generative AI & LLMs (AI DevWorld)
  • Healthcare & HealthTech AI (AI DevWorld)
  • Marketing & Advertising AI (AI DevWorld)
  • Methodology: Agile and Rapid Prototyping and SCRUM and Beyond (ProductWorld)
  • MLOps & AIOps (AI DevWorld)
  • OPEN Session
  • OpenAPI Summit
  • OpsWorld
  • OWASP Certified
  • Product Lead / Product Manager Roundtables (ProductWorld)
  • Product Lifecycle & Case Studies (ProductWorld)
  • Product Management Tools & Software (ProductWorld)
  • Product Roadmap Strategy & Innovation (ProductWorld)
  • Product Team Management & Structure (ProductWorld)
  • ProductWorld
  • Retail & E-commerce AI (AI DevWorld)
  • Roundtables
  • Sponsor Spotlight
  • Tensorflow & PyTorch & Open Source Frameworks (AI DevWorld)
  • Virtual
  • In-Person/Virtual
  • In Person
  • Virtual
  • Virtual Exclusive