Derek Weeks

Abstract: In 2009, we were awakened to Allspaw and Hammond’s “10 deploys a day”. In 2010, Jez Humble and Dave Farley advised us to “build quality in”. But in 2019, breaches hit 24% of software development teams. Are we staking our future on a pace we haven’t yet learned to secure?

In a year long collaboration between Gene Kim and Dr. Stephen Magill, we objectively examined and empirically documented software release patterns and cybersecurity hygiene practices across 36,000 commercial development teams and open source projects. Our research uncovered different software development and cybersecurity hygiene behaviors that we categorized as Exemplars, Laggards, Features First, and Cautious.

In this session, I will reveal the insights we uncovered. Attendees will learn which techniques, team structures and release patterns exemplary development teams have been championed at large enterprises like ABN AMRO, Walmart, and SEGA, as well as within open source project teams from the likes of Elasticsearch, Mulesoft, and SonarSource. I’ll also share observations of exemplary DevSecOps practices that deliver 50% more commits, release new code 2.4X faster, and remediate security vulnerabilities 2.9X faster.

Derek E. Weeks is the world’s foremost researcher on the topic of DevSecOps and securing software supply chains. For the past five years, he has championed the research of the annual State of the Software Supply Chain Report and the DevSecOps Community Survey. He currently serves as vice president and DevOps advocate at Sonatype, creators of the Nexus repository manager and the global leader in solutions for software supply chain automation. Derek is also the co-founder of All Day DevOps, an online community of 65,000 IT professionals. In 2018, Derek was recognized by DevOps.com as the “Best DevOps Evangelist” for his work in the community.