First open source won, then DevOps won. Now, there’s talk of DevSecOps — which by its very name suggests DevOps isn’t secure. Like DevOps, security isn’t a destination, it’s a journey. Rather than aiming for perfect security, what if we think of security as a minimum viable product?
Josh Bressers is the head of Product Security at Elastic. Josh has been involved in the security of products and projects, especially open source, for a very long time. Josh has helped build and manage security groups for many open source projects as well as a number of organizations. Everything from managing vulnerabilities, security development lifecycle, DevSecOps, security product management, security strategy, and nearly any other task that falls under the security umbrella. Josh co-hosts the Open Source Security Podcast. Josh is also an active member of the Distributed Weaknesses and Filing project which is in the process of leveraging the power of open source for CVEs.