TNS
VOXPOP
Will JavaScript type annotations kill TypeScript?
The creators of Svelte and Turbo 8 both dropped TS recently saying that "it's not worth it".
Yes: If JavaScript gets type annotations then there's no reason for TypeScript to exist.
0%
No: TypeScript remains the best language for structuring large enterprise applications.
0%
TBD: The existing user base and its corpensource owner means that TypeScript isn’t likely to reach EOL without a putting up a fight.
0%
I hope they both die. I mean, if you really need strong types in the browser then you could leverage WASM and use a real programming language.
0%
I don’t know and I don’t care.
0%
CI/CD / DevOps / Kubernetes / Security

Twistlock Rethinks the Developer Pipeline for Securing Hyperscale Applications

Aug 25th, 2017 1:21pm by
Featued image for: Twistlock Rethinks the Developer Pipeline for Securing Hyperscale Applications


Twistlock on Rethinking the Developer Pipeline

In the chain of events that defines the modern evolutionary path of the application — a path that now includes microservices, persistent containers, orchestrators, monitors, and “kubelets” — when does the security part begin? We’ve talked in recent years about “baking security into” applications. But now that hyperscale applications are becoming, by definition, aggregates of correlated functions, there’s no longer a single “baking” process, if you will.

So the issue of containerization security shifts back to where it began in 2014, with the question of whether a secure system can compensate for insecure communication.

“There’s a lot more responsibility that’s on the developer, or at least in the developer’s workflow, to secure that application,” said John Morello, chief technology officer for container security platform provider Twistlock, speaking on this latest episode of The New Stack Makers podcast, in an interview done for our upcoming eBook, “The State of the Kubernetes Ecosystem.”

Because unlike that world of [virtual machines] in which you may deploy WordPress out there one day, and then your operations team is going to scan that environment with Nessus or Qualys or a tool such as that, and find some vulnerabilities, then SSH into that VM and update the components in that VM… in the new world of containers, your developers need to know that, because your developers need to recreate the images that are vulnerable. And then they need to deploy those new images to replace whatever’s out there.”

[cycloneslider id=”kubernetes-series-book-1-sponsors”]

In This Edition:

2:20: How the components of distributed systems should interact with users and each other.
5:08: Making sure the right people are integrated into the process at the right time.
9:24: What has to change for an organization that has adopted a CI/CD infrastructure?
18:12: The reality of operational tools and practices used when securing containers.
21:19: The process of developing non-vulnerable code from the very beginning and enforcing better communication in code.
23:39: Is there anything Kubernetes needs to do to facilitate a stronger security landscape?

Twistlock is a sponsor of The New Stack.

Group Created with Sketch.
TNS owner Insight Partners is an investor in: Pragma, The New Stack.
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.