Jacob DePriest

But security starts with developers, and AI isn’t going to replace them

As attacks against the software supply chain become more advanced, we must evolve along with them. With the addition of artificial intelligence integrations into the developer toolkit, the old view of supply chain security as just one tool or standard will no longer suffice. This session will examine how AI, with other methods and systems, is magnifying our ability to secure the supply chain.

“Open source is the backbone to everything we do, and what most companies do"

One of the best parts about working at GitHub is using GitHub to build GitHub—and not only for software development. GitHub is central to how the GitHub Security team drives and delivers secure operations, infrastructure, and products. In this session, Greg Ose will walk through how GitHub uses the platform to enable security workflows that bring the expertise and processes GitHub needs to manage security risk where GitHub engineers and partners are across the business work.

The National Security Agency (NSA) is a highly technical agency employing a large number of software developers, engineers, and mathematicians. We have a rich history of contributing back to the open source software (OSS) community through projects like SELinux, NiFI, and Ghidra. Our journey to enable our developers to contribute to and release OSS is closely tied with how we support our developers as a whole and more recently how we can enable them to work from home. If you’re curious how NSA… Show more

The National Security Agency (NSA) is a highly technical agency employing a large number of software developers, engineers, and mathematicians. We have a rich history of contributing back to the open source software (OSS) community through projects like SELinux, NiFI, and Ghidra. Our journey to enable our developers to contribute to and release OSS is closely tied with how we support our developers as a whole and more recently how we can enable them to work from home. If you’re curious how NSA handles releasing OSS, what it takes to support a large technical workforce dealing with sensitive information, or how an intelligence agency thinks about telework, then this talk is for you! Show less

The National Security Agency (NSA) uses a lot of open source software and has made successful contributions to projects like SELinux, REDHAWK, and NiFi. However, it’s traditionally been a challenge for developers to navigate the processes, policy, and mechanics of contributing back to the community. While NSA developers can’t always talk about how they use the software, there is a growing belief that they can build more of it in the open.

Jacob DePriest explains how a group of open… Show more

The National Security Agency (NSA) uses a lot of open source software and has made successful contributions to projects like SELinux, REDHAWK, and NiFi. However, it’s traditionally been a challenge for developers to navigate the processes, policy, and mechanics of contributing back to the community. While NSA developers can’t always talk about how they use the software, there is a growing belief that they can build more of it in the open.

Jacob DePriest explains how a group of open source evangelists are trying to strengthen the open source software ecosystem at the NSA and make it a normal part of developers’ jobs. Along the way, Jacob explores some of the key challenges of shifting a large organization in the open source space, including cultural resistance, bureaucratic momentum, and communication, as well as some that are specific to government intelligence agencies, such as limited copyright protection, security sensitivity for public communication, and prepublication review. Show less